Analysis
-
max time kernel
198s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
21/11/2022, 14:22
General
-
Target
6fc88d7cb2d98e0cb231698e02744734fdfd89b4dd7bd4c52612a4578e028f21.exe
-
Size
72KB
-
MD5
20e84a854ac3bbee9ce9caa35e1a9f80
-
SHA1
df0250ee70a07474caf2e4a866c9c89634a46646
-
SHA256
6fc88d7cb2d98e0cb231698e02744734fdfd89b4dd7bd4c52612a4578e028f21
-
SHA512
3010dce38e3000c929077992c2799a15c01a4a01e5c7988ae2bcb2c7a3c1e7a490066e53e0b99770408a1ff7e91f0f3c973f1c370f6ada9039b793e4a8763ca0
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2Q:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPk
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6fc88d7cb2d98e0cb231698e02744734fdfd89b4dd7bd4c52612a4578e028f21.exe"C:\Users\Admin\AppData\Local\Temp\6fc88d7cb2d98e0cb231698e02744734fdfd89b4dd7bd4c52612a4578e028f21.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\30871968\backup.exeC:\Users\Admin\AppData\Local\Temp\30871968\backup.exe C:\Users\Admin\AppData\Local\Temp\30871968\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\data.exe"C:\Program Files\Common Files\data.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\update.exe"C:\Program Files\Internet Explorer\update.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\System Restore.exe"C:\Program Files\Microsoft Office\System Restore.exe" C:\Program Files\Microsoft Office\5⤵
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
-
-
C:\Windows\System Restore.exe"C:\Windows\System Restore.exe" C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5a14d9f7b7b20b07b48be7f16115c34e7
SHA1f89c6c678af830bd420022ee9187e5c74948a29a
SHA25667170ef5996544e8b2714775d689992b0c2c824f57e1d22ec1e3a0055e5f806f
SHA512e6e44ba23bf6980e589403329a2ad53dcd4d79d39b914f71bb1dae30ebadc6ec78c2ee6e73df8338d9506bf94b711c6444479f618c94daafc889ac95c5fd04c2
-
Filesize
72KB
MD55c34e2aa76917c95eac96eec23635ded
SHA17263c7afa0a6adae7fa3541d59d392198f08d0ce
SHA256d0ae80543d221b8aba4287c01b94ef689a482090d83b93b64c0f191c8a0662ca
SHA512b31371380ff6da1d39d5dbaf8fa8bd79770ad97c73b87506334acaddf731e3bf7c2ad414b98c488ae6f85a8fb4d181c5136516595b64ff1646c3fac2b90fde48
-
Filesize
72KB
MD55c34e2aa76917c95eac96eec23635ded
SHA17263c7afa0a6adae7fa3541d59d392198f08d0ce
SHA256d0ae80543d221b8aba4287c01b94ef689a482090d83b93b64c0f191c8a0662ca
SHA512b31371380ff6da1d39d5dbaf8fa8bd79770ad97c73b87506334acaddf731e3bf7c2ad414b98c488ae6f85a8fb4d181c5136516595b64ff1646c3fac2b90fde48
-
Filesize
72KB
MD545ce198b15dd8af4c5290ed41304374d
SHA1b0c63943c379645eaa36852d59e2f9e39d4b7a1b
SHA25688e8dbbd76d5aafe69e177496f642d740a786ea694f262b5c7b3ae0ced3e1000
SHA5124de22ff98ca886764cb76ffba077ef1c86a5f311febb9ca4bed26868be26202c25bcce589b684afc9a9c54fd65c1dd6dfc129bcf021fbf7a6fd094341b128c43
-
Filesize
72KB
MD56cb4bd55a29a7009e5d07dd24e95cd0c
SHA1afc05433a7483a7f8a21684d9e785ac8c93384d2
SHA2563cb1562da8662155c67f70f6701cd31030e7328850cf700e6af20d4840127dbb
SHA51290f592f63640664d452cd9be0e65be1cebbd359fd9ee18dc14b0364632dc880b961fbee6ab7035f1985881084fa40ce15b73efe0daea055364f5e435e0d55fd7
-
Filesize
72KB
MD56cb4bd55a29a7009e5d07dd24e95cd0c
SHA1afc05433a7483a7f8a21684d9e785ac8c93384d2
SHA2563cb1562da8662155c67f70f6701cd31030e7328850cf700e6af20d4840127dbb
SHA51290f592f63640664d452cd9be0e65be1cebbd359fd9ee18dc14b0364632dc880b961fbee6ab7035f1985881084fa40ce15b73efe0daea055364f5e435e0d55fd7
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD52a28b4999ba2dc6a263f88c53ae07b41
SHA1c52d7ee2496f42140cc597cba58a9a2632ebbf3f
SHA2569c197362940335fbfddff1184f3bdd9a31c2357f7e13c047da1bd7c6c25a12f7
SHA51227ec3bb2c9582eefbae0b493ddca80ca670d1f986935ccea8b094d1fe04cbcfc5b9b5cada43ee713fcdca6c4cf5b83182f8dcd4f13b5ee24e14ea027c8cfc35d
-
Filesize
72KB
MD52a28b4999ba2dc6a263f88c53ae07b41
SHA1c52d7ee2496f42140cc597cba58a9a2632ebbf3f
SHA2569c197362940335fbfddff1184f3bdd9a31c2357f7e13c047da1bd7c6c25a12f7
SHA51227ec3bb2c9582eefbae0b493ddca80ca670d1f986935ccea8b094d1fe04cbcfc5b9b5cada43ee713fcdca6c4cf5b83182f8dcd4f13b5ee24e14ea027c8cfc35d
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD53dceae0cfc8a66055a251e58f2d48b5a
SHA1c333726d16ac6d71e8cc99f85e663d6c5ded0cfe
SHA256b9d984aaa6db6e29b94b6a7e47508b8d59859559f4bb88e7a7e74ea6a75a9928
SHA51232e7b8e7492b97c442978ef77fd85ebb49f6a6f34fa0b80d53af04928bf8dbd7db41decdc8848f2e5e9edd02d01bffbbd7d4713c38ef28bebda96abc45846e60
-
Filesize
72KB
MD53dceae0cfc8a66055a251e58f2d48b5a
SHA1c333726d16ac6d71e8cc99f85e663d6c5ded0cfe
SHA256b9d984aaa6db6e29b94b6a7e47508b8d59859559f4bb88e7a7e74ea6a75a9928
SHA51232e7b8e7492b97c442978ef77fd85ebb49f6a6f34fa0b80d53af04928bf8dbd7db41decdc8848f2e5e9edd02d01bffbbd7d4713c38ef28bebda96abc45846e60
-
Filesize
72KB
MD5b4d0896280a658c3b5f3e227a44f36a6
SHA1dc3bd345250c76def912a2601dfb02ccfd6091ae
SHA256f45c260f4226b5c721a38169506785c50c120086b32289cc8da19db393ad5e54
SHA512515ebf28aa8889ba958fba3635f38d57386baba86112f58c38f1716fba5956927f06e0270781c7f1f97b4234c4de501472ebf8c4c26d6eaf64376dd33d038c00
-
Filesize
72KB
MD5b4d0896280a658c3b5f3e227a44f36a6
SHA1dc3bd345250c76def912a2601dfb02ccfd6091ae
SHA256f45c260f4226b5c721a38169506785c50c120086b32289cc8da19db393ad5e54
SHA512515ebf28aa8889ba958fba3635f38d57386baba86112f58c38f1716fba5956927f06e0270781c7f1f97b4234c4de501472ebf8c4c26d6eaf64376dd33d038c00
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5bad05941ec7c1f0d5e1481a074a73b07
SHA1285736440d1cb26f457881deff55728bc55abdad
SHA256737c2783548110224799b3d5ce7d85d364244c1af4c678cfdc201b8596fd0f8d
SHA5129ebdf29f16d5ac6dcdcc3c72b5ffd6570e911c21c664ea26d9aa240c864935dbf030ad6cd65fd92d6f7cc40f7c35b76482acf94ecd808cb3bb7944c4175287f8
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD59ccd52a8dd62025a6cb417ed4e4aef36
SHA11db0dff349a515aacd1a0ed490ad2a6efcb43503
SHA256d99fc7d5ee4c4a880ea810cdc46687e604a55e43d052522d082123c83c1c8834
SHA5123d45fa749f1d1f71b00b0c10f5ca3b920dda0d84daa264c0dd883ac28002dda8138ca75442e15b91481ba5061ba0a23616b1d2e950be038a3906de852c9845e7
-
Filesize
72KB
MD53913e4245305a3fad79b2ffc8a6a1b77
SHA17df2166bd3bcb5500cd345c400ac0a7485181204
SHA2565dec669e4fea5b2d5fa0d3426b15ef2eaf9da20da63b9ff064cce2fdf6f0b8b6
SHA51276094b972ba0d6c80254539072026afa190b09248edde4580de4b71f49fb8c7ce9841681ae369754fb07d126d106de5071bf46a268bdc853b9922716da6e85e4
-
Filesize
72KB
MD53913e4245305a3fad79b2ffc8a6a1b77
SHA17df2166bd3bcb5500cd345c400ac0a7485181204
SHA2565dec669e4fea5b2d5fa0d3426b15ef2eaf9da20da63b9ff064cce2fdf6f0b8b6
SHA51276094b972ba0d6c80254539072026afa190b09248edde4580de4b71f49fb8c7ce9841681ae369754fb07d126d106de5071bf46a268bdc853b9922716da6e85e4
-
Filesize
72KB
MD5a14d9f7b7b20b07b48be7f16115c34e7
SHA1f89c6c678af830bd420022ee9187e5c74948a29a
SHA25667170ef5996544e8b2714775d689992b0c2c824f57e1d22ec1e3a0055e5f806f
SHA512e6e44ba23bf6980e589403329a2ad53dcd4d79d39b914f71bb1dae30ebadc6ec78c2ee6e73df8338d9506bf94b711c6444479f618c94daafc889ac95c5fd04c2
-
Filesize
72KB
MD5a14d9f7b7b20b07b48be7f16115c34e7
SHA1f89c6c678af830bd420022ee9187e5c74948a29a
SHA25667170ef5996544e8b2714775d689992b0c2c824f57e1d22ec1e3a0055e5f806f
SHA512e6e44ba23bf6980e589403329a2ad53dcd4d79d39b914f71bb1dae30ebadc6ec78c2ee6e73df8338d9506bf94b711c6444479f618c94daafc889ac95c5fd04c2
-
Filesize
72KB
MD55c34e2aa76917c95eac96eec23635ded
SHA17263c7afa0a6adae7fa3541d59d392198f08d0ce
SHA256d0ae80543d221b8aba4287c01b94ef689a482090d83b93b64c0f191c8a0662ca
SHA512b31371380ff6da1d39d5dbaf8fa8bd79770ad97c73b87506334acaddf731e3bf7c2ad414b98c488ae6f85a8fb4d181c5136516595b64ff1646c3fac2b90fde48
-
Filesize
72KB
MD55c34e2aa76917c95eac96eec23635ded
SHA17263c7afa0a6adae7fa3541d59d392198f08d0ce
SHA256d0ae80543d221b8aba4287c01b94ef689a482090d83b93b64c0f191c8a0662ca
SHA512b31371380ff6da1d39d5dbaf8fa8bd79770ad97c73b87506334acaddf731e3bf7c2ad414b98c488ae6f85a8fb4d181c5136516595b64ff1646c3fac2b90fde48
-
Filesize
72KB
MD545ce198b15dd8af4c5290ed41304374d
SHA1b0c63943c379645eaa36852d59e2f9e39d4b7a1b
SHA25688e8dbbd76d5aafe69e177496f642d740a786ea694f262b5c7b3ae0ced3e1000
SHA5124de22ff98ca886764cb76ffba077ef1c86a5f311febb9ca4bed26868be26202c25bcce589b684afc9a9c54fd65c1dd6dfc129bcf021fbf7a6fd094341b128c43
-
Filesize
72KB
MD545ce198b15dd8af4c5290ed41304374d
SHA1b0c63943c379645eaa36852d59e2f9e39d4b7a1b
SHA25688e8dbbd76d5aafe69e177496f642d740a786ea694f262b5c7b3ae0ced3e1000
SHA5124de22ff98ca886764cb76ffba077ef1c86a5f311febb9ca4bed26868be26202c25bcce589b684afc9a9c54fd65c1dd6dfc129bcf021fbf7a6fd094341b128c43
-
Filesize
72KB
MD56cb4bd55a29a7009e5d07dd24e95cd0c
SHA1afc05433a7483a7f8a21684d9e785ac8c93384d2
SHA2563cb1562da8662155c67f70f6701cd31030e7328850cf700e6af20d4840127dbb
SHA51290f592f63640664d452cd9be0e65be1cebbd359fd9ee18dc14b0364632dc880b961fbee6ab7035f1985881084fa40ce15b73efe0daea055364f5e435e0d55fd7
-
Filesize
72KB
MD56cb4bd55a29a7009e5d07dd24e95cd0c
SHA1afc05433a7483a7f8a21684d9e785ac8c93384d2
SHA2563cb1562da8662155c67f70f6701cd31030e7328850cf700e6af20d4840127dbb
SHA51290f592f63640664d452cd9be0e65be1cebbd359fd9ee18dc14b0364632dc880b961fbee6ab7035f1985881084fa40ce15b73efe0daea055364f5e435e0d55fd7
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD52a28b4999ba2dc6a263f88c53ae07b41
SHA1c52d7ee2496f42140cc597cba58a9a2632ebbf3f
SHA2569c197362940335fbfddff1184f3bdd9a31c2357f7e13c047da1bd7c6c25a12f7
SHA51227ec3bb2c9582eefbae0b493ddca80ca670d1f986935ccea8b094d1fe04cbcfc5b9b5cada43ee713fcdca6c4cf5b83182f8dcd4f13b5ee24e14ea027c8cfc35d
-
Filesize
72KB
MD52a28b4999ba2dc6a263f88c53ae07b41
SHA1c52d7ee2496f42140cc597cba58a9a2632ebbf3f
SHA2569c197362940335fbfddff1184f3bdd9a31c2357f7e13c047da1bd7c6c25a12f7
SHA51227ec3bb2c9582eefbae0b493ddca80ca670d1f986935ccea8b094d1fe04cbcfc5b9b5cada43ee713fcdca6c4cf5b83182f8dcd4f13b5ee24e14ea027c8cfc35d
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD5fba2cedc6501c725eb86b4bd019a0648
SHA182e0165f393f1356150350f90864bd5a24c4c983
SHA25682b59d5adf3d9004d2c82c29cd75fca535ce58c6f3f4c07faee2075dee263670
SHA5127c6c16ac31d97c47dcacabd38482770c90f706905123a92c4bb8f634a32330f6bc138141eaa3307b3e52fe9770376db5a6f7d2b8e003903c1484e926ce280f13
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD5b13caa49142b4ab99a118a2054b2d606
SHA1a3b5512c2817ade3b2dcf41a975e6bbf7402a6b9
SHA2569b793d92392c889b472e6ebb3754ca226ced520da9a1f9a2feb5156f018d7667
SHA51257b14afbd98de0429768ca4d027b909e1724a2f75704c6a49cca2d5a9642be9a7be23b7cfbfa69483655f57baad76e126eaf3832ac2f1ef5591ea4934e315a8d
-
Filesize
72KB
MD5df253c2f620cec0f04dacc7adeeb41b6
SHA1b63fbf1859f1229719823d261c6383959469f1a9
SHA256d72e9f3d2026b4e4ca8d7b4af2ad4870e8bbb8ec67b5f97b0d815ec8d868995f
SHA5128fec44f8b7a67c936ebd08caec3497124208a1b863c97ab5479d3d6cfd8ea55e57b39ccf89efd678f4a8627e3176b7c4ff6e803619504c9b9a9b0cd927ba9718
-
Filesize
72KB
MD53dceae0cfc8a66055a251e58f2d48b5a
SHA1c333726d16ac6d71e8cc99f85e663d6c5ded0cfe
SHA256b9d984aaa6db6e29b94b6a7e47508b8d59859559f4bb88e7a7e74ea6a75a9928
SHA51232e7b8e7492b97c442978ef77fd85ebb49f6a6f34fa0b80d53af04928bf8dbd7db41decdc8848f2e5e9edd02d01bffbbd7d4713c38ef28bebda96abc45846e60
-
Filesize
72KB
MD53dceae0cfc8a66055a251e58f2d48b5a
SHA1c333726d16ac6d71e8cc99f85e663d6c5ded0cfe
SHA256b9d984aaa6db6e29b94b6a7e47508b8d59859559f4bb88e7a7e74ea6a75a9928
SHA51232e7b8e7492b97c442978ef77fd85ebb49f6a6f34fa0b80d53af04928bf8dbd7db41decdc8848f2e5e9edd02d01bffbbd7d4713c38ef28bebda96abc45846e60
-
Filesize
72KB
MD5b4d0896280a658c3b5f3e227a44f36a6
SHA1dc3bd345250c76def912a2601dfb02ccfd6091ae
SHA256f45c260f4226b5c721a38169506785c50c120086b32289cc8da19db393ad5e54
SHA512515ebf28aa8889ba958fba3635f38d57386baba86112f58c38f1716fba5956927f06e0270781c7f1f97b4234c4de501472ebf8c4c26d6eaf64376dd33d038c00
-
Filesize
72KB
MD5b4d0896280a658c3b5f3e227a44f36a6
SHA1dc3bd345250c76def912a2601dfb02ccfd6091ae
SHA256f45c260f4226b5c721a38169506785c50c120086b32289cc8da19db393ad5e54
SHA512515ebf28aa8889ba958fba3635f38d57386baba86112f58c38f1716fba5956927f06e0270781c7f1f97b4234c4de501472ebf8c4c26d6eaf64376dd33d038c00
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5bad05941ec7c1f0d5e1481a074a73b07
SHA1285736440d1cb26f457881deff55728bc55abdad
SHA256737c2783548110224799b3d5ce7d85d364244c1af4c678cfdc201b8596fd0f8d
SHA5129ebdf29f16d5ac6dcdcc3c72b5ffd6570e911c21c664ea26d9aa240c864935dbf030ad6cd65fd92d6f7cc40f7c35b76482acf94ecd808cb3bb7944c4175287f8
-
Filesize
72KB
MD5bad05941ec7c1f0d5e1481a074a73b07
SHA1285736440d1cb26f457881deff55728bc55abdad
SHA256737c2783548110224799b3d5ce7d85d364244c1af4c678cfdc201b8596fd0f8d
SHA5129ebdf29f16d5ac6dcdcc3c72b5ffd6570e911c21c664ea26d9aa240c864935dbf030ad6cd65fd92d6f7cc40f7c35b76482acf94ecd808cb3bb7944c4175287f8
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD5930a8d357fb5ed282e4ab52dc2ab8ed5
SHA11ad3b8b32c1ac8af6f0bc1e32a69dd9886ba78a4
SHA256cd79fac2a3baa661b3dc1c2579fdca91c8b4777b9ec7cca9e40e6e620d56a69b
SHA512810ca63daa0203412fd12e2f3b22e73b9f044f7cd7c8e36847d5656038c6d0ebef31a8b6aca6f60d0fed58ce2a25a4fa016b95dd3980e01d78d7575edf668406
-
Filesize
72KB
MD59ccd52a8dd62025a6cb417ed4e4aef36
SHA11db0dff349a515aacd1a0ed490ad2a6efcb43503
SHA256d99fc7d5ee4c4a880ea810cdc46687e604a55e43d052522d082123c83c1c8834
SHA5123d45fa749f1d1f71b00b0c10f5ca3b920dda0d84daa264c0dd883ac28002dda8138ca75442e15b91481ba5061ba0a23616b1d2e950be038a3906de852c9845e7
-
Filesize
72KB
MD59ccd52a8dd62025a6cb417ed4e4aef36
SHA11db0dff349a515aacd1a0ed490ad2a6efcb43503
SHA256d99fc7d5ee4c4a880ea810cdc46687e604a55e43d052522d082123c83c1c8834
SHA5123d45fa749f1d1f71b00b0c10f5ca3b920dda0d84daa264c0dd883ac28002dda8138ca75442e15b91481ba5061ba0a23616b1d2e950be038a3906de852c9845e7
-
Filesize
8KB
-
Filesize
8KB