Analysis
-
max time kernel
162s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
29/11/2022, 13:47
General
-
Target
c961859ee75845bbd66fc6d04d91ce18a6546e649c9496fece941aba9c999f35.exe
-
Size
72KB
-
MD5
0063f77e6dcf4b78c9782b043df83f96
-
SHA1
3674c4e695f63076b6ac50f7435a8566429cc8c9
-
SHA256
c961859ee75845bbd66fc6d04d91ce18a6546e649c9496fece941aba9c999f35
-
SHA512
10a1877d5e1ccf329ce429c042df88114fc92ba36a2d07ececd5c2f718dd5d1576bb6506605e7a23000c93ea0956732bb7b71c359e33a37736e80934deb5172c
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2o:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPc
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c961859ee75845bbd66fc6d04d91ce18a6546e649c9496fece941aba9c999f35.exe"C:\Users\Admin\AppData\Local\Temp\c961859ee75845bbd66fc6d04d91ce18a6546e649c9496fece941aba9c999f35.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\253950406\backup.exeC:\Users\Admin\AppData\Local\Temp\253950406\backup.exe C:\Users\Admin\AppData\Local\Temp\253950406\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\System\ado\fr-FR\data.exe"C:\Program Files\Common Files\System\ado\fr-FR\data.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\System Restore.exe"C:\Program Files\Common Files\System\de-DE\System Restore.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\6⤵
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\update.exeC:\Users\Admin\update.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Contacts\update.exeC:\Users\Admin\Contacts\update.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5aa1e97399d2309ee459bdd0efb8c1fdb
SHA1a1be8aa073fb39bb13d7a20dd30d153ec1512ba1
SHA256b81ff812b3dfe207dc840461e04b7f578c0a935352add3a33fbd6b7cdc52cb3e
SHA512712e4445a70b7522885baa8ce3cb32b308362bed23865acba589942c410a13ac69f66344637d048d072df8ea6bf34a12d96d6daab077dafc3e4e7e690c2b603d
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5c673741f3af96dede829dd8e329ac0c7
SHA1170fbc645739dd0bb3a0a3a9ae7d10ada0282257
SHA25608849557ce8a88057f26fdeb896c54d0574e5adb9941d7356158fd7ad2a438dd
SHA51218dbb90c2cf841b0c0bb9049e7408e61bcdd7e86f1570b85556e9ba07b4969e44aa1a5f07dd2dabfa0d33f74053d34fa988d02d1d01f294fd24f5159c0b81c7a
-
Filesize
72KB
MD515fb47c577aea2895d1e417674aa858d
SHA1982db36c5cb12b1636ad9a2c7d5e56d45fed55bd
SHA2569db565629d0fdfbb4e9dd251084ceb28f80cbb5d809adbf530627965caccc836
SHA5122a08ca34068e42bf7d2be192f21aaf0abbae7244ca919535e7d4c8bfbf0b73411eca8391f4ea79147ed09ab6abc6db9116d6b7ac5424b4361f94b9c184b8e09b
-
Filesize
72KB
MD5a5cb73601422af8dc55f82a38e921bde
SHA115e58b4711bc8bed0bb1d4fa5fc9e53d1ff5f3ba
SHA256537a7d977d8fa1062b28526b578b81717f1837370f4445eb14b22644f647caa4
SHA51294519df9165cc5466d0457ddd9bf6c0b71c9453e53a1db74929073c992418e2d70f8073cecd73bb722425d44ad7a22a45caeda2b047a02a34591c86fd467d1d4
-
Filesize
72KB
MD5a5cb73601422af8dc55f82a38e921bde
SHA115e58b4711bc8bed0bb1d4fa5fc9e53d1ff5f3ba
SHA256537a7d977d8fa1062b28526b578b81717f1837370f4445eb14b22644f647caa4
SHA51294519df9165cc5466d0457ddd9bf6c0b71c9453e53a1db74929073c992418e2d70f8073cecd73bb722425d44ad7a22a45caeda2b047a02a34591c86fd467d1d4
-
Filesize
72KB
MD5fe0f3cd0fd101ca9fb13f4986c00d4f4
SHA177e29f9c908864003154b91b65118ac3bb95405b
SHA2568e463f25083418b773c1ed7cc7204213e72e52c2d11af44080465c0d5763a7ce
SHA51242075edc2f812815c9f7dc34c3a39d581ffdc993eb79071a9f5689845a82086b973aaf1d795350045aec8e6ef97a2b9abe9c6e901c2c1d7c6bf572ea0576751f
-
Filesize
72KB
MD561b71f06b49208a5ece19aa861e15aab
SHA1cf9a30a63cf9b0a36714567928f8d538450da032
SHA25624b3476e15c1cd9b33d1525d63dc5d808c7744bbc5ed25c0ec04b5859af4fe80
SHA512e89f081b87fbd6bbc8b58e41ea12c5d342020feb073bda96fae4e7b2ac776051acf6b36b9f369387d56c25d2c84d86c7a71ea6cfc93fc3026dc7369cdb7183ea
-
Filesize
72KB
MD561b71f06b49208a5ece19aa861e15aab
SHA1cf9a30a63cf9b0a36714567928f8d538450da032
SHA25624b3476e15c1cd9b33d1525d63dc5d808c7744bbc5ed25c0ec04b5859af4fe80
SHA512e89f081b87fbd6bbc8b58e41ea12c5d342020feb073bda96fae4e7b2ac776051acf6b36b9f369387d56c25d2c84d86c7a71ea6cfc93fc3026dc7369cdb7183ea
-
Filesize
72KB
MD5e9da30395afa08f64205b34786329959
SHA172a326d86c08c377c1fb09a8e9e59fed259316b7
SHA25680c29cd0647d3843cec43c6dd72cd6fee1c5815907c36936e5d37fa434376624
SHA5127b7592afe87d10ad1be0e10ab79bd97ac8bee780fad24f6b14bf0cc8ca778fca4e67e3a46bc3f46907cc431784e29a72d726c923c5bba4330a35ae89b400eb14
-
Filesize
72KB
MD50765c9ddc5e6ed3247beea3acff9b02c
SHA1651b19cf42b28ec9a5b7308223c8555160f50b94
SHA2561f5ad20ea2b69d8eb2eef4fb9f675865a4c9e86d271bdfa50c9c2a9ccc83c104
SHA512e3f7451f9aeaca7e44ba41e23102d44460e10ab163d8c329b4bf9ccb3c4b1af02cb85103ba4920f2b1341fa6e7bb8192aaf441e04be1bc283daecee655142506
-
Filesize
72KB
MD50765c9ddc5e6ed3247beea3acff9b02c
SHA1651b19cf42b28ec9a5b7308223c8555160f50b94
SHA2561f5ad20ea2b69d8eb2eef4fb9f675865a4c9e86d271bdfa50c9c2a9ccc83c104
SHA512e3f7451f9aeaca7e44ba41e23102d44460e10ab163d8c329b4bf9ccb3c4b1af02cb85103ba4920f2b1341fa6e7bb8192aaf441e04be1bc283daecee655142506
-
Filesize
72KB
MD5fc9eca7a879d56e92be57d6ee1ab618d
SHA1b060a8b2d0ec12e82cba934de6ad3570b0e46848
SHA256d22c1d255e55f9f4ff4b27e3112debe2885ae1390d347db352c318cca43d2f8e
SHA512af1dcbf80a34d1e86ef08a593025b0c2fde4246996e1dd7a7941daff7f86ef21ec1aa71a30d8eb930edb452da145d9b5ff10795b2e9f3aa4dde0ded4f3643fa3
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5be25fa39aede3c36b926a7d014d70bea
SHA138340879eb4dcc484114f4369948852167d24607
SHA256f96047ff5cdec32221490d738c8fca5173f22b6ccc60fdcd21733d02556352ef
SHA512fc369938ad98a5d80269486f8bd7bd01023213f0c959241332c559c2cb46c4b73dd4969ad6eaf1e2d9ceff988cec5be200d24898083f34da99b265eeaac4e053
-
Filesize
72KB
MD5be25fa39aede3c36b926a7d014d70bea
SHA138340879eb4dcc484114f4369948852167d24607
SHA256f96047ff5cdec32221490d738c8fca5173f22b6ccc60fdcd21733d02556352ef
SHA512fc369938ad98a5d80269486f8bd7bd01023213f0c959241332c559c2cb46c4b73dd4969ad6eaf1e2d9ceff988cec5be200d24898083f34da99b265eeaac4e053
-
Filesize
72KB
MD5aa1e97399d2309ee459bdd0efb8c1fdb
SHA1a1be8aa073fb39bb13d7a20dd30d153ec1512ba1
SHA256b81ff812b3dfe207dc840461e04b7f578c0a935352add3a33fbd6b7cdc52cb3e
SHA512712e4445a70b7522885baa8ce3cb32b308362bed23865acba589942c410a13ac69f66344637d048d072df8ea6bf34a12d96d6daab077dafc3e4e7e690c2b603d
-
Filesize
72KB
MD5aa1e97399d2309ee459bdd0efb8c1fdb
SHA1a1be8aa073fb39bb13d7a20dd30d153ec1512ba1
SHA256b81ff812b3dfe207dc840461e04b7f578c0a935352add3a33fbd6b7cdc52cb3e
SHA512712e4445a70b7522885baa8ce3cb32b308362bed23865acba589942c410a13ac69f66344637d048d072df8ea6bf34a12d96d6daab077dafc3e4e7e690c2b603d
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5c673741f3af96dede829dd8e329ac0c7
SHA1170fbc645739dd0bb3a0a3a9ae7d10ada0282257
SHA25608849557ce8a88057f26fdeb896c54d0574e5adb9941d7356158fd7ad2a438dd
SHA51218dbb90c2cf841b0c0bb9049e7408e61bcdd7e86f1570b85556e9ba07b4969e44aa1a5f07dd2dabfa0d33f74053d34fa988d02d1d01f294fd24f5159c0b81c7a
-
Filesize
72KB
MD5c673741f3af96dede829dd8e329ac0c7
SHA1170fbc645739dd0bb3a0a3a9ae7d10ada0282257
SHA25608849557ce8a88057f26fdeb896c54d0574e5adb9941d7356158fd7ad2a438dd
SHA51218dbb90c2cf841b0c0bb9049e7408e61bcdd7e86f1570b85556e9ba07b4969e44aa1a5f07dd2dabfa0d33f74053d34fa988d02d1d01f294fd24f5159c0b81c7a
-
Filesize
72KB
MD515fb47c577aea2895d1e417674aa858d
SHA1982db36c5cb12b1636ad9a2c7d5e56d45fed55bd
SHA2569db565629d0fdfbb4e9dd251084ceb28f80cbb5d809adbf530627965caccc836
SHA5122a08ca34068e42bf7d2be192f21aaf0abbae7244ca919535e7d4c8bfbf0b73411eca8391f4ea79147ed09ab6abc6db9116d6b7ac5424b4361f94b9c184b8e09b
-
Filesize
72KB
MD515fb47c577aea2895d1e417674aa858d
SHA1982db36c5cb12b1636ad9a2c7d5e56d45fed55bd
SHA2569db565629d0fdfbb4e9dd251084ceb28f80cbb5d809adbf530627965caccc836
SHA5122a08ca34068e42bf7d2be192f21aaf0abbae7244ca919535e7d4c8bfbf0b73411eca8391f4ea79147ed09ab6abc6db9116d6b7ac5424b4361f94b9c184b8e09b
-
Filesize
72KB
MD5a5cb73601422af8dc55f82a38e921bde
SHA115e58b4711bc8bed0bb1d4fa5fc9e53d1ff5f3ba
SHA256537a7d977d8fa1062b28526b578b81717f1837370f4445eb14b22644f647caa4
SHA51294519df9165cc5466d0457ddd9bf6c0b71c9453e53a1db74929073c992418e2d70f8073cecd73bb722425d44ad7a22a45caeda2b047a02a34591c86fd467d1d4
-
Filesize
72KB
MD5a5cb73601422af8dc55f82a38e921bde
SHA115e58b4711bc8bed0bb1d4fa5fc9e53d1ff5f3ba
SHA256537a7d977d8fa1062b28526b578b81717f1837370f4445eb14b22644f647caa4
SHA51294519df9165cc5466d0457ddd9bf6c0b71c9453e53a1db74929073c992418e2d70f8073cecd73bb722425d44ad7a22a45caeda2b047a02a34591c86fd467d1d4
-
Filesize
72KB
MD5fe0f3cd0fd101ca9fb13f4986c00d4f4
SHA177e29f9c908864003154b91b65118ac3bb95405b
SHA2568e463f25083418b773c1ed7cc7204213e72e52c2d11af44080465c0d5763a7ce
SHA51242075edc2f812815c9f7dc34c3a39d581ffdc993eb79071a9f5689845a82086b973aaf1d795350045aec8e6ef97a2b9abe9c6e901c2c1d7c6bf572ea0576751f
-
Filesize
72KB
MD5fe0f3cd0fd101ca9fb13f4986c00d4f4
SHA177e29f9c908864003154b91b65118ac3bb95405b
SHA2568e463f25083418b773c1ed7cc7204213e72e52c2d11af44080465c0d5763a7ce
SHA51242075edc2f812815c9f7dc34c3a39d581ffdc993eb79071a9f5689845a82086b973aaf1d795350045aec8e6ef97a2b9abe9c6e901c2c1d7c6bf572ea0576751f
-
Filesize
72KB
MD561b71f06b49208a5ece19aa861e15aab
SHA1cf9a30a63cf9b0a36714567928f8d538450da032
SHA25624b3476e15c1cd9b33d1525d63dc5d808c7744bbc5ed25c0ec04b5859af4fe80
SHA512e89f081b87fbd6bbc8b58e41ea12c5d342020feb073bda96fae4e7b2ac776051acf6b36b9f369387d56c25d2c84d86c7a71ea6cfc93fc3026dc7369cdb7183ea
-
Filesize
72KB
MD561b71f06b49208a5ece19aa861e15aab
SHA1cf9a30a63cf9b0a36714567928f8d538450da032
SHA25624b3476e15c1cd9b33d1525d63dc5d808c7744bbc5ed25c0ec04b5859af4fe80
SHA512e89f081b87fbd6bbc8b58e41ea12c5d342020feb073bda96fae4e7b2ac776051acf6b36b9f369387d56c25d2c84d86c7a71ea6cfc93fc3026dc7369cdb7183ea
-
Filesize
72KB
MD50783ad90b78614bfd1c49f2892b57d04
SHA18f950f1d69033ef2e22965b94aa1d94ca569e194
SHA25685a10d518d924583a31fdcf98bc3e671652f6c365349975b7890ba77b2e188d0
SHA5122b8d59003a2d452119430febe3c99012bc63cf9e8758a0c2bd54a6f1095a8734563b7df5a7c3fd14e11239bcfc34300d9b8a958ee67cad1f2a7ab55543fb223e
-
Filesize
72KB
MD5e9da30395afa08f64205b34786329959
SHA172a326d86c08c377c1fb09a8e9e59fed259316b7
SHA25680c29cd0647d3843cec43c6dd72cd6fee1c5815907c36936e5d37fa434376624
SHA5127b7592afe87d10ad1be0e10ab79bd97ac8bee780fad24f6b14bf0cc8ca778fca4e67e3a46bc3f46907cc431784e29a72d726c923c5bba4330a35ae89b400eb14
-
Filesize
72KB
MD5e9da30395afa08f64205b34786329959
SHA172a326d86c08c377c1fb09a8e9e59fed259316b7
SHA25680c29cd0647d3843cec43c6dd72cd6fee1c5815907c36936e5d37fa434376624
SHA5127b7592afe87d10ad1be0e10ab79bd97ac8bee780fad24f6b14bf0cc8ca778fca4e67e3a46bc3f46907cc431784e29a72d726c923c5bba4330a35ae89b400eb14
-
Filesize
72KB
MD50765c9ddc5e6ed3247beea3acff9b02c
SHA1651b19cf42b28ec9a5b7308223c8555160f50b94
SHA2561f5ad20ea2b69d8eb2eef4fb9f675865a4c9e86d271bdfa50c9c2a9ccc83c104
SHA512e3f7451f9aeaca7e44ba41e23102d44460e10ab163d8c329b4bf9ccb3c4b1af02cb85103ba4920f2b1341fa6e7bb8192aaf441e04be1bc283daecee655142506
-
Filesize
72KB
MD50765c9ddc5e6ed3247beea3acff9b02c
SHA1651b19cf42b28ec9a5b7308223c8555160f50b94
SHA2561f5ad20ea2b69d8eb2eef4fb9f675865a4c9e86d271bdfa50c9c2a9ccc83c104
SHA512e3f7451f9aeaca7e44ba41e23102d44460e10ab163d8c329b4bf9ccb3c4b1af02cb85103ba4920f2b1341fa6e7bb8192aaf441e04be1bc283daecee655142506
-
Filesize
72KB
MD5fc9eca7a879d56e92be57d6ee1ab618d
SHA1b060a8b2d0ec12e82cba934de6ad3570b0e46848
SHA256d22c1d255e55f9f4ff4b27e3112debe2885ae1390d347db352c318cca43d2f8e
SHA512af1dcbf80a34d1e86ef08a593025b0c2fde4246996e1dd7a7941daff7f86ef21ec1aa71a30d8eb930edb452da145d9b5ff10795b2e9f3aa4dde0ded4f3643fa3
-
Filesize
72KB
MD5fc9eca7a879d56e92be57d6ee1ab618d
SHA1b060a8b2d0ec12e82cba934de6ad3570b0e46848
SHA256d22c1d255e55f9f4ff4b27e3112debe2885ae1390d347db352c318cca43d2f8e
SHA512af1dcbf80a34d1e86ef08a593025b0c2fde4246996e1dd7a7941daff7f86ef21ec1aa71a30d8eb930edb452da145d9b5ff10795b2e9f3aa4dde0ded4f3643fa3
-
Filesize
72KB
MD539fe4b31d5c891d7122ead7196ad7ce1
SHA137d79987fb966afd9c15fc027c4463714ef0a722
SHA2569c950061f07e928b2a0a28c08388fb71d02f9b2cd5cd0d3acd6ad13e9ee670a5
SHA512b236cabf782bfb47f594718add54106fdd1f895461f06dea20431b2edbc562f569852e565b201d7eb51c231f92f0fd27943e462e2b4a2d20acc69ddf07035492
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5fad5f3c5313fb237ec348a0656dc4ddd
SHA1f0976fb0b0d9c06f185283cf190574dfc6bcdb55
SHA256bf7431168e734d25d0a754a7c81049f8d78d68844367a2b9abce3294b2f56a8a
SHA512cc2507fae938bf14c44bcdda5b817f2f9e76804df10238aa2f0128eebf00e58ceaa3c1519ef822049c4cc9d3ba30d213b0f4448c330838c2d690c2884d3b080c
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
72KB
MD5442ff2e694519488128741a8b75bfd9f
SHA1e5e9645a85f7285fdc63f8cee101dfe55c06f2e1
SHA2562683a2776579a50101ec38b1ce4575843cd4b0fd58f8690b96f3011eb5fd90f6
SHA51243c062c87d704a987e095d5799077eed5661dbb1072385ffb3a4d86146b51010fe5aab8ca1472864d0a1b70d54da251315aefc9926ba914122ef488348e7f3f2
-
Filesize
8KB
-
Filesize
8KB