Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
155s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29/11/2022, 14:09
General
-
Target
679a58438174f2c33d3055f78d5b7aecab33ab27dd05d9b493f4b92a293da228.exe
-
Size
72KB
-
MD5
0969d0ee30a635aeddc825207bd0bfdd
-
SHA1
9dbe625a1a3ce90fc2c14f730bc709c6e95517ac
-
SHA256
679a58438174f2c33d3055f78d5b7aecab33ab27dd05d9b493f4b92a293da228
-
SHA512
1a53cd71b93549d6e6355dc92dea876b8d6afb9e997020ca257aa11214a2553ffc47bb89fb1c825b1c7e1986a8bacd0fee00c37d862a290ce8e70eb512ff5fa9
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2M:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP4
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 63 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\679a58438174f2c33d3055f78d5b7aecab33ab27dd05d9b493f4b92a293da228.exe"C:\Users\Admin\AppData\Local\Temp\679a58438174f2c33d3055f78d5b7aecab33ab27dd05d9b493f4b92a293da228.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2685127663\backup.exeC:\Users\Admin\AppData\Local\Temp\2685127663\backup.exe C:\Users\Admin\AppData\Local\Temp\2685127663\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\data.exe"C:\Program Files\7-Zip\data.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\System Restore.exe"C:\Program Files (x86)\Adobe\System Restore.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD554c8f9bb5fd325a94bc46e65315cfb21
SHA1e473480dd648bb829a63b8947048755516261800
SHA2562b55a68e52d870e8a4127e233be7e29dc9bf8308cfc4f6db3c450a78c447b20b
SHA512020fab645875bf7364731842f21f70c7b98c4ad9a4108375ac0636b77d568429e63ec0474c29c23b96a1905742af15f8a6cdb7ab2bf218f440396cd09b570507
-
Filesize
72KB
MD5efd22b76ae061d5248770e3ece24f130
SHA19c755fe6c023fc35c95f47b9ea96fec38ab8ee33
SHA256bc3a3f1ba76f3def4567148e05ec49cd5a749f0c4ce663f348124abe3c97577c
SHA51267787e48e06d6bfd1b4ceed927aab229669762bfead665bea9cc0f97b5ce6e0c9dbe1e1a6e63cab88b3912c3f3eef400cea46a2e700f48a947bec0ef5fc7b3f8
-
Filesize
72KB
MD5efd22b76ae061d5248770e3ece24f130
SHA19c755fe6c023fc35c95f47b9ea96fec38ab8ee33
SHA256bc3a3f1ba76f3def4567148e05ec49cd5a749f0c4ce663f348124abe3c97577c
SHA51267787e48e06d6bfd1b4ceed927aab229669762bfead665bea9cc0f97b5ce6e0c9dbe1e1a6e63cab88b3912c3f3eef400cea46a2e700f48a947bec0ef5fc7b3f8
-
Filesize
72KB
MD5522cdafd754527c2884e842c34acc97f
SHA1740b9a203e713df4c08bb15543fd2d5ae17d0f48
SHA2564372049ee6f8646c3573314e455c612c001fc25948c731a2f17a76603aa621ff
SHA512eaf9204c75acdbbd522115b41f58fc3957b4bc63fb6e321a8acd7014a81d6c7556becd5c3618f73cf2cd347609372e701f38c7abcebace4e024ca6ddcc2161a8
-
Filesize
72KB
MD5acbf5726271d9260ea751f8a238a03dc
SHA14f1517d055fead9015379b1319e379e179c83274
SHA25659d3f20c948cb7a492b1bf9a86afbd3bf59b57d35d51513c051f8374054f9cc0
SHA512ff9da0e3d4e987c30db158a0365e796a7049e4ac0ccf3c8d2010818203318e6f297e177c33f53c42fcffda778e93ad16fb5765122c10c7ada6f827c3bd789544
-
Filesize
72KB
MD5acbf5726271d9260ea751f8a238a03dc
SHA14f1517d055fead9015379b1319e379e179c83274
SHA25659d3f20c948cb7a492b1bf9a86afbd3bf59b57d35d51513c051f8374054f9cc0
SHA512ff9da0e3d4e987c30db158a0365e796a7049e4ac0ccf3c8d2010818203318e6f297e177c33f53c42fcffda778e93ad16fb5765122c10c7ada6f827c3bd789544
-
Filesize
72KB
MD5e10199cfeb12f61a3bd9fb3e8d789c0d
SHA1e72ac1e06482d4e2d81aad48f3f46534a652a26d
SHA256d8ed2868cff392e9e35222fae46c7f17ce44eb070a0d47a5b9f3abd72c99d4b8
SHA5124963eea6f2aea1b1f9dd344c43241df747566a95d10c7a2087b80c56fceb091c14d3e5767035bf27e825aebe347c9996621611c748aa4ebbf7658f66c021ae0f
-
Filesize
72KB
MD5e10199cfeb12f61a3bd9fb3e8d789c0d
SHA1e72ac1e06482d4e2d81aad48f3f46534a652a26d
SHA256d8ed2868cff392e9e35222fae46c7f17ce44eb070a0d47a5b9f3abd72c99d4b8
SHA5124963eea6f2aea1b1f9dd344c43241df747566a95d10c7a2087b80c56fceb091c14d3e5767035bf27e825aebe347c9996621611c748aa4ebbf7658f66c021ae0f
-
Filesize
72KB
MD5406ab57ae50bde463152a81eaab7addf
SHA135da7a2bab36c4601aa55de8eaaebcd61ce2a0b6
SHA2566ef1b15f5d5b1206fcb2058b183dd957e1f5f813d798855b62df07f95311a5aa
SHA51290a3bfeef97ac4d140ed1a82f48b692f6898d30ac397b86eacbfe1c476ce2a554be1f6bdb21a82a606691789ce1babd69e67e8307e583767b1f5b2f6ffa2e33a
-
Filesize
72KB
MD5406ab57ae50bde463152a81eaab7addf
SHA135da7a2bab36c4601aa55de8eaaebcd61ce2a0b6
SHA2566ef1b15f5d5b1206fcb2058b183dd957e1f5f813d798855b62df07f95311a5aa
SHA51290a3bfeef97ac4d140ed1a82f48b692f6898d30ac397b86eacbfe1c476ce2a554be1f6bdb21a82a606691789ce1babd69e67e8307e583767b1f5b2f6ffa2e33a
-
Filesize
72KB
MD57a2799ebcd0b98ffdd1fe2b3773e9bcf
SHA144900f4bf9dc574f83b3a153c9a1b8931ba4fddb
SHA256c6d3e0ce84dd722a2051e02ea7db5fe7f8bef127fb188af3dffe2b8e58aa4c85
SHA512825ef5176b692a9b7ee2450d234e7aee140861e578be96c3f35672428846b427f01b3c035e9e173297ed02735b7b5c889b6b99b5eb6f87129a7db75b5e6994b9
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD5bb4232c1a4ece65b29216b3bd0813309
SHA183d4ea1b7536a5bcfd0c7b7ba9e8a0d8c7a6a12f
SHA256a19b181bd2e28e7fba1d9707364b18b4119e91852d83a75777bf85dbce669065
SHA5127281eb02ac280454567b4598214951dfddff43c2f27db6a85dcaf40073ba6a35ca9ed21c087a46edf69b696255386ae8c531e203bac753d9e358cc9a5297615c
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD51d214c044462e586e7a4287e7bca0754
SHA18eb270bd4c9560e96adfb3c61e70381dcadf91d5
SHA256cb1593b122d350ab0c9b7ca749086f5a1309e16ae3231ab6ca4ce6bfbcfd12e0
SHA512f64252cbeec6711025f875cea73545ae2c114f3e81dae89df50609397acacc2b46680f65fd0afb70686ec169dc95ea10fa4c7583f7ef6123cc7cd0b405931b14
-
Filesize
72KB
MD51d214c044462e586e7a4287e7bca0754
SHA18eb270bd4c9560e96adfb3c61e70381dcadf91d5
SHA256cb1593b122d350ab0c9b7ca749086f5a1309e16ae3231ab6ca4ce6bfbcfd12e0
SHA512f64252cbeec6711025f875cea73545ae2c114f3e81dae89df50609397acacc2b46680f65fd0afb70686ec169dc95ea10fa4c7583f7ef6123cc7cd0b405931b14
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD5be2d6ed1e7d41e8322cebfeb2341a2fd
SHA1a2334861a2535486dcb0a2c890307a303937883b
SHA256bf8e56ee58b3dd91b2dc012590318615ae6fd217648074408870fd56453ca37d
SHA5124ab52a21bb2e067def53ce8c3cdb03c582aba3fe584d25522f787edde9e98a31a9dd86ea8643931df72b19f6373bcbfd7d0bbd37590ff73327c3124f469a6b55
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD5fb8f291279f31547ccb3ad806b039628
SHA163ac02f33586132c9da5b6cd4b6030dae49ea4c7
SHA256d22688a5c0302b2d55dd9a378d907b7a62eb41ff1540f5bf299b7d3a4cf25c85
SHA51292b8741b52a5e4d908fd40dff6dba711b7f57cd0dbf453c311fdd7f51781ef972174a4679c5ac26313cde931109fcebe1b46dfd7e04150e314740844c15c0de5
-
Filesize
72KB
MD5ec18e7b824343d58fd6856bd5b162e05
SHA138be67276f9087bd3b7dd5395b4164e7ccb28b6c
SHA2563597f9516600893d6e2dbe512782ba270cc23b7dd6614351f8d54786abaf84f1
SHA5126d60cc1b1263729dea8599cf72f04338d7da12f3c793a5048b8753af50d2123a2c9f2753acb27f3e72a0fcf424fc6adedfaa18c54cb1c46c713b90d083bed18a
-
Filesize
72KB
MD5ec18e7b824343d58fd6856bd5b162e05
SHA138be67276f9087bd3b7dd5395b4164e7ccb28b6c
SHA2563597f9516600893d6e2dbe512782ba270cc23b7dd6614351f8d54786abaf84f1
SHA5126d60cc1b1263729dea8599cf72f04338d7da12f3c793a5048b8753af50d2123a2c9f2753acb27f3e72a0fcf424fc6adedfaa18c54cb1c46c713b90d083bed18a
-
Filesize
72KB
MD554c8f9bb5fd325a94bc46e65315cfb21
SHA1e473480dd648bb829a63b8947048755516261800
SHA2562b55a68e52d870e8a4127e233be7e29dc9bf8308cfc4f6db3c450a78c447b20b
SHA512020fab645875bf7364731842f21f70c7b98c4ad9a4108375ac0636b77d568429e63ec0474c29c23b96a1905742af15f8a6cdb7ab2bf218f440396cd09b570507
-
Filesize
72KB
MD554c8f9bb5fd325a94bc46e65315cfb21
SHA1e473480dd648bb829a63b8947048755516261800
SHA2562b55a68e52d870e8a4127e233be7e29dc9bf8308cfc4f6db3c450a78c447b20b
SHA512020fab645875bf7364731842f21f70c7b98c4ad9a4108375ac0636b77d568429e63ec0474c29c23b96a1905742af15f8a6cdb7ab2bf218f440396cd09b570507
-
Filesize
72KB
MD5efd22b76ae061d5248770e3ece24f130
SHA19c755fe6c023fc35c95f47b9ea96fec38ab8ee33
SHA256bc3a3f1ba76f3def4567148e05ec49cd5a749f0c4ce663f348124abe3c97577c
SHA51267787e48e06d6bfd1b4ceed927aab229669762bfead665bea9cc0f97b5ce6e0c9dbe1e1a6e63cab88b3912c3f3eef400cea46a2e700f48a947bec0ef5fc7b3f8
-
Filesize
72KB
MD5efd22b76ae061d5248770e3ece24f130
SHA19c755fe6c023fc35c95f47b9ea96fec38ab8ee33
SHA256bc3a3f1ba76f3def4567148e05ec49cd5a749f0c4ce663f348124abe3c97577c
SHA51267787e48e06d6bfd1b4ceed927aab229669762bfead665bea9cc0f97b5ce6e0c9dbe1e1a6e63cab88b3912c3f3eef400cea46a2e700f48a947bec0ef5fc7b3f8
-
Filesize
72KB
MD5522cdafd754527c2884e842c34acc97f
SHA1740b9a203e713df4c08bb15543fd2d5ae17d0f48
SHA2564372049ee6f8646c3573314e455c612c001fc25948c731a2f17a76603aa621ff
SHA512eaf9204c75acdbbd522115b41f58fc3957b4bc63fb6e321a8acd7014a81d6c7556becd5c3618f73cf2cd347609372e701f38c7abcebace4e024ca6ddcc2161a8
-
Filesize
72KB
MD5522cdafd754527c2884e842c34acc97f
SHA1740b9a203e713df4c08bb15543fd2d5ae17d0f48
SHA2564372049ee6f8646c3573314e455c612c001fc25948c731a2f17a76603aa621ff
SHA512eaf9204c75acdbbd522115b41f58fc3957b4bc63fb6e321a8acd7014a81d6c7556becd5c3618f73cf2cd347609372e701f38c7abcebace4e024ca6ddcc2161a8
-
Filesize
72KB
MD5acbf5726271d9260ea751f8a238a03dc
SHA14f1517d055fead9015379b1319e379e179c83274
SHA25659d3f20c948cb7a492b1bf9a86afbd3bf59b57d35d51513c051f8374054f9cc0
SHA512ff9da0e3d4e987c30db158a0365e796a7049e4ac0ccf3c8d2010818203318e6f297e177c33f53c42fcffda778e93ad16fb5765122c10c7ada6f827c3bd789544
-
Filesize
72KB
MD5acbf5726271d9260ea751f8a238a03dc
SHA14f1517d055fead9015379b1319e379e179c83274
SHA25659d3f20c948cb7a492b1bf9a86afbd3bf59b57d35d51513c051f8374054f9cc0
SHA512ff9da0e3d4e987c30db158a0365e796a7049e4ac0ccf3c8d2010818203318e6f297e177c33f53c42fcffda778e93ad16fb5765122c10c7ada6f827c3bd789544
-
Filesize
72KB
MD5e10199cfeb12f61a3bd9fb3e8d789c0d
SHA1e72ac1e06482d4e2d81aad48f3f46534a652a26d
SHA256d8ed2868cff392e9e35222fae46c7f17ce44eb070a0d47a5b9f3abd72c99d4b8
SHA5124963eea6f2aea1b1f9dd344c43241df747566a95d10c7a2087b80c56fceb091c14d3e5767035bf27e825aebe347c9996621611c748aa4ebbf7658f66c021ae0f
-
Filesize
72KB
MD5e10199cfeb12f61a3bd9fb3e8d789c0d
SHA1e72ac1e06482d4e2d81aad48f3f46534a652a26d
SHA256d8ed2868cff392e9e35222fae46c7f17ce44eb070a0d47a5b9f3abd72c99d4b8
SHA5124963eea6f2aea1b1f9dd344c43241df747566a95d10c7a2087b80c56fceb091c14d3e5767035bf27e825aebe347c9996621611c748aa4ebbf7658f66c021ae0f
-
Filesize
72KB
MD5406ab57ae50bde463152a81eaab7addf
SHA135da7a2bab36c4601aa55de8eaaebcd61ce2a0b6
SHA2566ef1b15f5d5b1206fcb2058b183dd957e1f5f813d798855b62df07f95311a5aa
SHA51290a3bfeef97ac4d140ed1a82f48b692f6898d30ac397b86eacbfe1c476ce2a554be1f6bdb21a82a606691789ce1babd69e67e8307e583767b1f5b2f6ffa2e33a
-
Filesize
72KB
MD5406ab57ae50bde463152a81eaab7addf
SHA135da7a2bab36c4601aa55de8eaaebcd61ce2a0b6
SHA2566ef1b15f5d5b1206fcb2058b183dd957e1f5f813d798855b62df07f95311a5aa
SHA51290a3bfeef97ac4d140ed1a82f48b692f6898d30ac397b86eacbfe1c476ce2a554be1f6bdb21a82a606691789ce1babd69e67e8307e583767b1f5b2f6ffa2e33a
-
Filesize
72KB
MD57a2799ebcd0b98ffdd1fe2b3773e9bcf
SHA144900f4bf9dc574f83b3a153c9a1b8931ba4fddb
SHA256c6d3e0ce84dd722a2051e02ea7db5fe7f8bef127fb188af3dffe2b8e58aa4c85
SHA512825ef5176b692a9b7ee2450d234e7aee140861e578be96c3f35672428846b427f01b3c035e9e173297ed02735b7b5c889b6b99b5eb6f87129a7db75b5e6994b9
-
Filesize
72KB
MD57a2799ebcd0b98ffdd1fe2b3773e9bcf
SHA144900f4bf9dc574f83b3a153c9a1b8931ba4fddb
SHA256c6d3e0ce84dd722a2051e02ea7db5fe7f8bef127fb188af3dffe2b8e58aa4c85
SHA512825ef5176b692a9b7ee2450d234e7aee140861e578be96c3f35672428846b427f01b3c035e9e173297ed02735b7b5c889b6b99b5eb6f87129a7db75b5e6994b9
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD5bb4232c1a4ece65b29216b3bd0813309
SHA183d4ea1b7536a5bcfd0c7b7ba9e8a0d8c7a6a12f
SHA256a19b181bd2e28e7fba1d9707364b18b4119e91852d83a75777bf85dbce669065
SHA5127281eb02ac280454567b4598214951dfddff43c2f27db6a85dcaf40073ba6a35ca9ed21c087a46edf69b696255386ae8c531e203bac753d9e358cc9a5297615c
-
Filesize
72KB
MD5bb4232c1a4ece65b29216b3bd0813309
SHA183d4ea1b7536a5bcfd0c7b7ba9e8a0d8c7a6a12f
SHA256a19b181bd2e28e7fba1d9707364b18b4119e91852d83a75777bf85dbce669065
SHA5127281eb02ac280454567b4598214951dfddff43c2f27db6a85dcaf40073ba6a35ca9ed21c087a46edf69b696255386ae8c531e203bac753d9e358cc9a5297615c
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD58ecd4377ad09d43812feac3d32f104c4
SHA142a6d8ff800dd1954459f3c7992ce9fd7478af5f
SHA256f3b34bf779f6ff7d94b2f24199ffd293b24776ca7fa42635fdf3194549876cfe
SHA512c3694d8dcf5019117197bb960e2c51556085e909972a24d465ce5544d0fc18007f6d54d5072591879c6f387c2e3c7def5d4f58298a890deb49754d28ec87e4f7
-
Filesize
72KB
MD51d214c044462e586e7a4287e7bca0754
SHA18eb270bd4c9560e96adfb3c61e70381dcadf91d5
SHA256cb1593b122d350ab0c9b7ca749086f5a1309e16ae3231ab6ca4ce6bfbcfd12e0
SHA512f64252cbeec6711025f875cea73545ae2c114f3e81dae89df50609397acacc2b46680f65fd0afb70686ec169dc95ea10fa4c7583f7ef6123cc7cd0b405931b14
-
Filesize
72KB
MD51d214c044462e586e7a4287e7bca0754
SHA18eb270bd4c9560e96adfb3c61e70381dcadf91d5
SHA256cb1593b122d350ab0c9b7ca749086f5a1309e16ae3231ab6ca4ce6bfbcfd12e0
SHA512f64252cbeec6711025f875cea73545ae2c114f3e81dae89df50609397acacc2b46680f65fd0afb70686ec169dc95ea10fa4c7583f7ef6123cc7cd0b405931b14
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD572e9f82a0f834886e525aad988b6ac1f
SHA1c8887d881e8d59ee3a3b084c2c47df3a6317ae8a
SHA256101a39bede411cbb90013618ea5841175646766b50716d4b066a842ed1a62f48
SHA5121f0f5b8806b5c20cdd485511dc1e78e3b659cf6a8f6a133d5c6911b0f9df8760cbe421343e0595b9ffbc499a29a38cd1668b2176aee2e4a4c8ceb2216ca70166
-
Filesize
72KB
MD5be2d6ed1e7d41e8322cebfeb2341a2fd
SHA1a2334861a2535486dcb0a2c890307a303937883b
SHA256bf8e56ee58b3dd91b2dc012590318615ae6fd217648074408870fd56453ca37d
SHA5124ab52a21bb2e067def53ce8c3cdb03c582aba3fe584d25522f787edde9e98a31a9dd86ea8643931df72b19f6373bcbfd7d0bbd37590ff73327c3124f469a6b55
-
Filesize
72KB
MD5be2d6ed1e7d41e8322cebfeb2341a2fd
SHA1a2334861a2535486dcb0a2c890307a303937883b
SHA256bf8e56ee58b3dd91b2dc012590318615ae6fd217648074408870fd56453ca37d
SHA5124ab52a21bb2e067def53ce8c3cdb03c582aba3fe584d25522f787edde9e98a31a9dd86ea8643931df72b19f6373bcbfd7d0bbd37590ff73327c3124f469a6b55
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD56005ca52c8c7e14e9bdde8c1a5dc8cfb
SHA15150d80c8c80f5e5517165735658ba589e9bae08
SHA256832b7df118119bb323186ec7c242b63ebd09dae77c369c8f5a747d597acde14a
SHA512c69b5a8950b0ece2be25301f0967bbd311ac073bf2e84fd40d8232a582d147946c20f2711a1347e1f160777fc1bc564fd82d9e55cc802970e1d05b5ba362a825
-
Filesize
72KB
MD5fb8f291279f31547ccb3ad806b039628
SHA163ac02f33586132c9da5b6cd4b6030dae49ea4c7
SHA256d22688a5c0302b2d55dd9a378d907b7a62eb41ff1540f5bf299b7d3a4cf25c85
SHA51292b8741b52a5e4d908fd40dff6dba711b7f57cd0dbf453c311fdd7f51781ef972174a4679c5ac26313cde931109fcebe1b46dfd7e04150e314740844c15c0de5
-
Filesize
72KB
MD5fb8f291279f31547ccb3ad806b039628
SHA163ac02f33586132c9da5b6cd4b6030dae49ea4c7
SHA256d22688a5c0302b2d55dd9a378d907b7a62eb41ff1540f5bf299b7d3a4cf25c85
SHA51292b8741b52a5e4d908fd40dff6dba711b7f57cd0dbf453c311fdd7f51781ef972174a4679c5ac26313cde931109fcebe1b46dfd7e04150e314740844c15c0de5
-
Filesize
8KB
-
Filesize
8KB