Analysis
-
max time kernel
190s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-11-2022 14:14
General
-
Target
520775e51531b12507fe084b1037419fcd33faedab5fdd66c37ecfc4220dd337.exe
-
Size
72KB
-
MD5
033cff1a07ef15d8b7cb94c59626b8a0
-
SHA1
2812fa1f4a5eaaf83493018693dc0a2101d620e6
-
SHA256
520775e51531b12507fe084b1037419fcd33faedab5fdd66c37ecfc4220dd337
-
SHA512
69a1cfceff3ec55e9df3bacf9a548b494a55e471ad1affbf0edabfae93bc9e2e92f4854ef9287ec7f1919361167ffab343e0ff272c8bd2baef576f3d78e3fd36
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2I:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP8
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\520775e51531b12507fe084b1037419fcd33faedab5fdd66c37ecfc4220dd337.exe"C:\Users\Admin\AppData\Local\Temp\520775e51531b12507fe084b1037419fcd33faedab5fdd66c37ecfc4220dd337.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1294037215\data.exeC:\Users\Admin\AppData\Local\Temp\1294037215\data.exe C:\Users\Admin\AppData\Local\Temp\1294037215\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\data.exeC:\PerfLogs\Admin\data.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\update.exe"C:\Program Files\Common Files\System\msadc\es-ES\update.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\data.exe"C:\Program Files\Common Files\System\msadc\it-IT\data.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\System Restore.exe"C:\Program Files\DVD Maker\de-DE\System Restore.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\ja-JP\update.exe"C:\Program Files\DVD Maker\ja-JP\update.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
-
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Disables RegEdit via registry modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5cf0fbb7c06e3b727e9df8b276d29d130
SHA1797971d3916cda0f11c09ffd92f9d5b303685c90
SHA256a2671a00c756e21b56b35c9d56a98141696892e379e977b76a3961b042b3dd5c
SHA51270a4e8d7401e64de6d9e5d60944e24863f68b1c7da0644b54cc3c3c7104256ac01934999ff905773c4429b63d6478e1c0959e074b9302861fa1fef8fb7f4f583
-
Filesize
72KB
MD53fcc666d5094015f5deb977bbb7ce3fd
SHA1d4b71f2bc3c9c6736f106fff84ec915587f9d97d
SHA256c657088a0eef975552124c7fcbcf1f6cc6493ccff0e5081a87a81582d79c452f
SHA512dd239dabb77e5b56e7514cb8f95df92a8b869b3b7e828be5d0fc248f536097d26474c053538ef713e8b1b36638ca993430ac0f4968e111c5f6c8d4b1004bd9f9
-
Filesize
72KB
MD53fcc666d5094015f5deb977bbb7ce3fd
SHA1d4b71f2bc3c9c6736f106fff84ec915587f9d97d
SHA256c657088a0eef975552124c7fcbcf1f6cc6493ccff0e5081a87a81582d79c452f
SHA512dd239dabb77e5b56e7514cb8f95df92a8b869b3b7e828be5d0fc248f536097d26474c053538ef713e8b1b36638ca993430ac0f4968e111c5f6c8d4b1004bd9f9
-
Filesize
72KB
MD59f8e05d3f5ecd35ad3596559562dae69
SHA18cb05d383ad6bc97b25713b844afe57fd3a941d4
SHA256d13853617da7bf11ec9ecc36905a930b4d820c1713c36768c5a7a9d167f6aa58
SHA51240dbfa862cbe5f8efa547b8c39e18084ef95dc8b0495e2c145d469cd73999313d4c60d8f41fa78c09c387697c14208ca2249f4f5ee9e4321508b89dacf147860
-
Filesize
72KB
MD5b019112432a47b6b39980de1144c111f
SHA1b47aebb3397ffd3dbcc67ee7fceef2db8fff3a94
SHA256b845bd6a51c9bfa207c0e6aa867458c14e02ee81de9bc238f8493109d12f499f
SHA512e3a3b7fa832edc6bc076a9e6e792aae23a32c0d15247946646c2025aa0a0688080f946377a6324d1b3d9003919044205d0628be548c7bfc2c9d421ff3ae69f22
-
Filesize
72KB
MD5b019112432a47b6b39980de1144c111f
SHA1b47aebb3397ffd3dbcc67ee7fceef2db8fff3a94
SHA256b845bd6a51c9bfa207c0e6aa867458c14e02ee81de9bc238f8493109d12f499f
SHA512e3a3b7fa832edc6bc076a9e6e792aae23a32c0d15247946646c2025aa0a0688080f946377a6324d1b3d9003919044205d0628be548c7bfc2c9d421ff3ae69f22
-
Filesize
72KB
MD5fbe763d0cf5813d3642d7a236caea8c5
SHA1b66ee462e71e6676e3f2d6cfbaf90e0c0d805ac2
SHA256b08d47c7f545a625d9bd8149a271ec9cf8c01da1b79ab41338f9bebbae057041
SHA512df6e687e55bc23db410ffaa11f9e3cf8fa773f2171c87c00bcec80a401e86af2f8323be01f4cb54864246d52fd3708a77c262adeb52c2bdd5bf55f95c17af8f4
-
Filesize
72KB
MD511be52ce3d50ff8b417148e6ae46ee7a
SHA17f51659ed90ec75f136c54b5c46b796dff735edd
SHA256503850e3794ca6231394f6da73747363659d4c8ee0bec1247a8a7ada2140b581
SHA512f2ae87fd1990da19b0fd13c4fcbda9769e96b5bfb28eb61f2deb54ba201db7a67a54b7fbf4c21254d6535a149924cd198b2a1bac6dc1fdc377dc6c00f00c1902
-
Filesize
72KB
MD511be52ce3d50ff8b417148e6ae46ee7a
SHA17f51659ed90ec75f136c54b5c46b796dff735edd
SHA256503850e3794ca6231394f6da73747363659d4c8ee0bec1247a8a7ada2140b581
SHA512f2ae87fd1990da19b0fd13c4fcbda9769e96b5bfb28eb61f2deb54ba201db7a67a54b7fbf4c21254d6535a149924cd198b2a1bac6dc1fdc377dc6c00f00c1902
-
Filesize
72KB
MD5468856d250e589e4e0c007f6772159f7
SHA1c07bbeaeeade673a38d7e90164ac52461240792e
SHA256842a03147753b6b8012366dcb8770592503bf7a6d8cd2ebbc752a4f264252ea2
SHA512dab8f8ec2b943073d901a7d02e70edb82d25c3975b30dafd1810c8abb1b8a3f60da7a98166aa3208ef3ea436b988012bf7e9ace7482ddd7aa4202029e1b63e98
-
Filesize
72KB
MD5676db4accdf777fccdb6e211831ddbf1
SHA1f68a46fb4c585a10effc87109e2d0be11df97434
SHA256c930af919c9c83d746e360305d375aee96800a00f68a523687136010005eb149
SHA512d49c7cd9a7b55a5d934a3bed1229dbe0ed3b732950d1183cc93115d39224145877c002afa83780dad5164dc48ae1a6a49d150f60b96b0600e776d2872ea54188
-
Filesize
72KB
MD5676db4accdf777fccdb6e211831ddbf1
SHA1f68a46fb4c585a10effc87109e2d0be11df97434
SHA256c930af919c9c83d746e360305d375aee96800a00f68a523687136010005eb149
SHA512d49c7cd9a7b55a5d934a3bed1229dbe0ed3b732950d1183cc93115d39224145877c002afa83780dad5164dc48ae1a6a49d150f60b96b0600e776d2872ea54188
-
Filesize
72KB
MD5b083e7b99d7509bc90aa0ece21d2f39c
SHA1176be03198f160d5090d54c1f027ccd6f5f1a867
SHA256c72d4192b56f532df779d637ef29e7c503057f65e67ee0f3b98dd26229155007
SHA512fa8f175d8d8063d8857453f28a038523ad9fa2870320aec029a8483bed1a0a0eb767493dde9b7eb19e0c4ff2219538633f9c58c1154742d07d033a583febb303
-
Filesize
72KB
MD5a6db53b1294e37ff6a767d0d856a1219
SHA16f3dbcd8d5c61694cb84dc8cea99065deeb56a49
SHA256ed6a2ebf196a607be0aa16bab56227e12f2474fa6b1e41fcab6330824248ad67
SHA5129b2e8b65aa41e08906976b17157be0fa91048dbf69d00d99b9f727e8a7e605082e59e84fa15d4252bddf965e02e93e78baf1d2043e63340d4774c4b0853a3209
-
Filesize
72KB
MD5a6db53b1294e37ff6a767d0d856a1219
SHA16f3dbcd8d5c61694cb84dc8cea99065deeb56a49
SHA256ed6a2ebf196a607be0aa16bab56227e12f2474fa6b1e41fcab6330824248ad67
SHA5129b2e8b65aa41e08906976b17157be0fa91048dbf69d00d99b9f727e8a7e605082e59e84fa15d4252bddf965e02e93e78baf1d2043e63340d4774c4b0853a3209
-
Filesize
72KB
MD5871fd9c650d5091b8ce6fae226e0e0a1
SHA128f85b146ce923da76d11fce9bd223a857920694
SHA25629b9edc41a8c20eee1909ae8ed0abe5ac53e8c8735c5a9851df2d10381e69699
SHA5123a89cec5c419c6bed8bf52e1ec662e339a9643160f98f37677b414a3fedc117ba9a8286b92a8dc252ef31afaa5615ffeefacc64665ed8e064c931576e3daed36
-
Filesize
72KB
MD5871fd9c650d5091b8ce6fae226e0e0a1
SHA128f85b146ce923da76d11fce9bd223a857920694
SHA25629b9edc41a8c20eee1909ae8ed0abe5ac53e8c8735c5a9851df2d10381e69699
SHA5123a89cec5c419c6bed8bf52e1ec662e339a9643160f98f37677b414a3fedc117ba9a8286b92a8dc252ef31afaa5615ffeefacc64665ed8e064c931576e3daed36
-
Filesize
72KB
MD5b8b08b825a0e8b447e997cfd2437528f
SHA1540fd1766aa694b2d6c997391b625bcb744c782f
SHA256e7778f5bebd5a5f821456ba4c2097fe3d31b651b5d98af19bbb4d8576374a272
SHA512f226059d1302494a78262433052595a082552ca9abc2d2350347626c0f62a245915015e6695b9d9146ad2545a0d7777083d12ca763841a5861da08ede36f5e35
-
Filesize
72KB
MD5b8b08b825a0e8b447e997cfd2437528f
SHA1540fd1766aa694b2d6c997391b625bcb744c782f
SHA256e7778f5bebd5a5f821456ba4c2097fe3d31b651b5d98af19bbb4d8576374a272
SHA512f226059d1302494a78262433052595a082552ca9abc2d2350347626c0f62a245915015e6695b9d9146ad2545a0d7777083d12ca763841a5861da08ede36f5e35
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD5d4dc32ca9b107524b9208c59d19b4632
SHA1c74d6fcd18d2010343f68f8781ac2ee92b268362
SHA256c661b1b40dd9c642c456f71ba69733a28b9574ea33580b2ed472d2ea7c3716f0
SHA51215659df749d1587055623e0d79f59af393fa1aa878ccce259e0fe87b856d79c914b77b54b29c6aafd877ba98782e547addc0f86e5f9ff84e747997a13ad29b50
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
Filesize
72KB
MD5b07341fa25d2c44a6ecf1327340f8ff8
SHA1d88405c20a0d2ff243f8440473cce887bb00482e
SHA2569048147fdb0185b3b9712ae18ab7f5ba57815a82de9e91c8ac75293c6c45fe87
SHA512fbd33f3cd37171e8e1f9f86851eac545ca90bc4d6384eb65f956a8a1073115d079b40c9d15b2096b45107150dde997d86e0a57dc6604184dc273a17d24e2d1a1
-
Filesize
72KB
MD5b07341fa25d2c44a6ecf1327340f8ff8
SHA1d88405c20a0d2ff243f8440473cce887bb00482e
SHA2569048147fdb0185b3b9712ae18ab7f5ba57815a82de9e91c8ac75293c6c45fe87
SHA512fbd33f3cd37171e8e1f9f86851eac545ca90bc4d6384eb65f956a8a1073115d079b40c9d15b2096b45107150dde997d86e0a57dc6604184dc273a17d24e2d1a1
-
Filesize
72KB
MD5cf0fbb7c06e3b727e9df8b276d29d130
SHA1797971d3916cda0f11c09ffd92f9d5b303685c90
SHA256a2671a00c756e21b56b35c9d56a98141696892e379e977b76a3961b042b3dd5c
SHA51270a4e8d7401e64de6d9e5d60944e24863f68b1c7da0644b54cc3c3c7104256ac01934999ff905773c4429b63d6478e1c0959e074b9302861fa1fef8fb7f4f583
-
Filesize
72KB
MD5cf0fbb7c06e3b727e9df8b276d29d130
SHA1797971d3916cda0f11c09ffd92f9d5b303685c90
SHA256a2671a00c756e21b56b35c9d56a98141696892e379e977b76a3961b042b3dd5c
SHA51270a4e8d7401e64de6d9e5d60944e24863f68b1c7da0644b54cc3c3c7104256ac01934999ff905773c4429b63d6478e1c0959e074b9302861fa1fef8fb7f4f583
-
Filesize
72KB
MD53fcc666d5094015f5deb977bbb7ce3fd
SHA1d4b71f2bc3c9c6736f106fff84ec915587f9d97d
SHA256c657088a0eef975552124c7fcbcf1f6cc6493ccff0e5081a87a81582d79c452f
SHA512dd239dabb77e5b56e7514cb8f95df92a8b869b3b7e828be5d0fc248f536097d26474c053538ef713e8b1b36638ca993430ac0f4968e111c5f6c8d4b1004bd9f9
-
Filesize
72KB
MD53fcc666d5094015f5deb977bbb7ce3fd
SHA1d4b71f2bc3c9c6736f106fff84ec915587f9d97d
SHA256c657088a0eef975552124c7fcbcf1f6cc6493ccff0e5081a87a81582d79c452f
SHA512dd239dabb77e5b56e7514cb8f95df92a8b869b3b7e828be5d0fc248f536097d26474c053538ef713e8b1b36638ca993430ac0f4968e111c5f6c8d4b1004bd9f9
-
Filesize
72KB
MD59f8e05d3f5ecd35ad3596559562dae69
SHA18cb05d383ad6bc97b25713b844afe57fd3a941d4
SHA256d13853617da7bf11ec9ecc36905a930b4d820c1713c36768c5a7a9d167f6aa58
SHA51240dbfa862cbe5f8efa547b8c39e18084ef95dc8b0495e2c145d469cd73999313d4c60d8f41fa78c09c387697c14208ca2249f4f5ee9e4321508b89dacf147860
-
Filesize
72KB
MD59f8e05d3f5ecd35ad3596559562dae69
SHA18cb05d383ad6bc97b25713b844afe57fd3a941d4
SHA256d13853617da7bf11ec9ecc36905a930b4d820c1713c36768c5a7a9d167f6aa58
SHA51240dbfa862cbe5f8efa547b8c39e18084ef95dc8b0495e2c145d469cd73999313d4c60d8f41fa78c09c387697c14208ca2249f4f5ee9e4321508b89dacf147860
-
Filesize
72KB
MD5b019112432a47b6b39980de1144c111f
SHA1b47aebb3397ffd3dbcc67ee7fceef2db8fff3a94
SHA256b845bd6a51c9bfa207c0e6aa867458c14e02ee81de9bc238f8493109d12f499f
SHA512e3a3b7fa832edc6bc076a9e6e792aae23a32c0d15247946646c2025aa0a0688080f946377a6324d1b3d9003919044205d0628be548c7bfc2c9d421ff3ae69f22
-
Filesize
72KB
MD5b019112432a47b6b39980de1144c111f
SHA1b47aebb3397ffd3dbcc67ee7fceef2db8fff3a94
SHA256b845bd6a51c9bfa207c0e6aa867458c14e02ee81de9bc238f8493109d12f499f
SHA512e3a3b7fa832edc6bc076a9e6e792aae23a32c0d15247946646c2025aa0a0688080f946377a6324d1b3d9003919044205d0628be548c7bfc2c9d421ff3ae69f22
-
Filesize
72KB
MD5fbe763d0cf5813d3642d7a236caea8c5
SHA1b66ee462e71e6676e3f2d6cfbaf90e0c0d805ac2
SHA256b08d47c7f545a625d9bd8149a271ec9cf8c01da1b79ab41338f9bebbae057041
SHA512df6e687e55bc23db410ffaa11f9e3cf8fa773f2171c87c00bcec80a401e86af2f8323be01f4cb54864246d52fd3708a77c262adeb52c2bdd5bf55f95c17af8f4
-
Filesize
72KB
MD5fbe763d0cf5813d3642d7a236caea8c5
SHA1b66ee462e71e6676e3f2d6cfbaf90e0c0d805ac2
SHA256b08d47c7f545a625d9bd8149a271ec9cf8c01da1b79ab41338f9bebbae057041
SHA512df6e687e55bc23db410ffaa11f9e3cf8fa773f2171c87c00bcec80a401e86af2f8323be01f4cb54864246d52fd3708a77c262adeb52c2bdd5bf55f95c17af8f4
-
Filesize
72KB
MD511be52ce3d50ff8b417148e6ae46ee7a
SHA17f51659ed90ec75f136c54b5c46b796dff735edd
SHA256503850e3794ca6231394f6da73747363659d4c8ee0bec1247a8a7ada2140b581
SHA512f2ae87fd1990da19b0fd13c4fcbda9769e96b5bfb28eb61f2deb54ba201db7a67a54b7fbf4c21254d6535a149924cd198b2a1bac6dc1fdc377dc6c00f00c1902
-
Filesize
72KB
MD511be52ce3d50ff8b417148e6ae46ee7a
SHA17f51659ed90ec75f136c54b5c46b796dff735edd
SHA256503850e3794ca6231394f6da73747363659d4c8ee0bec1247a8a7ada2140b581
SHA512f2ae87fd1990da19b0fd13c4fcbda9769e96b5bfb28eb61f2deb54ba201db7a67a54b7fbf4c21254d6535a149924cd198b2a1bac6dc1fdc377dc6c00f00c1902
-
Filesize
72KB
MD5468856d250e589e4e0c007f6772159f7
SHA1c07bbeaeeade673a38d7e90164ac52461240792e
SHA256842a03147753b6b8012366dcb8770592503bf7a6d8cd2ebbc752a4f264252ea2
SHA512dab8f8ec2b943073d901a7d02e70edb82d25c3975b30dafd1810c8abb1b8a3f60da7a98166aa3208ef3ea436b988012bf7e9ace7482ddd7aa4202029e1b63e98
-
Filesize
72KB
MD5468856d250e589e4e0c007f6772159f7
SHA1c07bbeaeeade673a38d7e90164ac52461240792e
SHA256842a03147753b6b8012366dcb8770592503bf7a6d8cd2ebbc752a4f264252ea2
SHA512dab8f8ec2b943073d901a7d02e70edb82d25c3975b30dafd1810c8abb1b8a3f60da7a98166aa3208ef3ea436b988012bf7e9ace7482ddd7aa4202029e1b63e98
-
Filesize
72KB
MD5676db4accdf777fccdb6e211831ddbf1
SHA1f68a46fb4c585a10effc87109e2d0be11df97434
SHA256c930af919c9c83d746e360305d375aee96800a00f68a523687136010005eb149
SHA512d49c7cd9a7b55a5d934a3bed1229dbe0ed3b732950d1183cc93115d39224145877c002afa83780dad5164dc48ae1a6a49d150f60b96b0600e776d2872ea54188
-
Filesize
72KB
MD5676db4accdf777fccdb6e211831ddbf1
SHA1f68a46fb4c585a10effc87109e2d0be11df97434
SHA256c930af919c9c83d746e360305d375aee96800a00f68a523687136010005eb149
SHA512d49c7cd9a7b55a5d934a3bed1229dbe0ed3b732950d1183cc93115d39224145877c002afa83780dad5164dc48ae1a6a49d150f60b96b0600e776d2872ea54188
-
Filesize
72KB
MD5b083e7b99d7509bc90aa0ece21d2f39c
SHA1176be03198f160d5090d54c1f027ccd6f5f1a867
SHA256c72d4192b56f532df779d637ef29e7c503057f65e67ee0f3b98dd26229155007
SHA512fa8f175d8d8063d8857453f28a038523ad9fa2870320aec029a8483bed1a0a0eb767493dde9b7eb19e0c4ff2219538633f9c58c1154742d07d033a583febb303
-
Filesize
72KB
MD5b083e7b99d7509bc90aa0ece21d2f39c
SHA1176be03198f160d5090d54c1f027ccd6f5f1a867
SHA256c72d4192b56f532df779d637ef29e7c503057f65e67ee0f3b98dd26229155007
SHA512fa8f175d8d8063d8857453f28a038523ad9fa2870320aec029a8483bed1a0a0eb767493dde9b7eb19e0c4ff2219538633f9c58c1154742d07d033a583febb303
-
Filesize
72KB
MD5d1daad83274b8c8fccd437dede52e0ea
SHA196227f277789a7a35bd83d44f42563a2ca26beab
SHA256c2cfd56b90b5f92b7594f01ee17baaeff0992e32e8a342b4eb6e52178659c472
SHA512776043e0ee1df01140fcd5a753c671dc0079f371e486d01432ba8052dcf87a84e22fd10260bf2f6e8a550b94737d8ad43215eab9df15d56b4183576a248f0ea3
-
Filesize
72KB
MD5a6db53b1294e37ff6a767d0d856a1219
SHA16f3dbcd8d5c61694cb84dc8cea99065deeb56a49
SHA256ed6a2ebf196a607be0aa16bab56227e12f2474fa6b1e41fcab6330824248ad67
SHA5129b2e8b65aa41e08906976b17157be0fa91048dbf69d00d99b9f727e8a7e605082e59e84fa15d4252bddf965e02e93e78baf1d2043e63340d4774c4b0853a3209
-
Filesize
72KB
MD5a6db53b1294e37ff6a767d0d856a1219
SHA16f3dbcd8d5c61694cb84dc8cea99065deeb56a49
SHA256ed6a2ebf196a607be0aa16bab56227e12f2474fa6b1e41fcab6330824248ad67
SHA5129b2e8b65aa41e08906976b17157be0fa91048dbf69d00d99b9f727e8a7e605082e59e84fa15d4252bddf965e02e93e78baf1d2043e63340d4774c4b0853a3209
-
Filesize
72KB
MD5871fd9c650d5091b8ce6fae226e0e0a1
SHA128f85b146ce923da76d11fce9bd223a857920694
SHA25629b9edc41a8c20eee1909ae8ed0abe5ac53e8c8735c5a9851df2d10381e69699
SHA5123a89cec5c419c6bed8bf52e1ec662e339a9643160f98f37677b414a3fedc117ba9a8286b92a8dc252ef31afaa5615ffeefacc64665ed8e064c931576e3daed36
-
Filesize
72KB
MD5871fd9c650d5091b8ce6fae226e0e0a1
SHA128f85b146ce923da76d11fce9bd223a857920694
SHA25629b9edc41a8c20eee1909ae8ed0abe5ac53e8c8735c5a9851df2d10381e69699
SHA5123a89cec5c419c6bed8bf52e1ec662e339a9643160f98f37677b414a3fedc117ba9a8286b92a8dc252ef31afaa5615ffeefacc64665ed8e064c931576e3daed36
-
Filesize
72KB
MD5b8b08b825a0e8b447e997cfd2437528f
SHA1540fd1766aa694b2d6c997391b625bcb744c782f
SHA256e7778f5bebd5a5f821456ba4c2097fe3d31b651b5d98af19bbb4d8576374a272
SHA512f226059d1302494a78262433052595a082552ca9abc2d2350347626c0f62a245915015e6695b9d9146ad2545a0d7777083d12ca763841a5861da08ede36f5e35
-
Filesize
72KB
MD5b8b08b825a0e8b447e997cfd2437528f
SHA1540fd1766aa694b2d6c997391b625bcb744c782f
SHA256e7778f5bebd5a5f821456ba4c2097fe3d31b651b5d98af19bbb4d8576374a272
SHA512f226059d1302494a78262433052595a082552ca9abc2d2350347626c0f62a245915015e6695b9d9146ad2545a0d7777083d12ca763841a5861da08ede36f5e35
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD5d4dc32ca9b107524b9208c59d19b4632
SHA1c74d6fcd18d2010343f68f8781ac2ee92b268362
SHA256c661b1b40dd9c642c456f71ba69733a28b9574ea33580b2ed472d2ea7c3716f0
SHA51215659df749d1587055623e0d79f59af393fa1aa878ccce259e0fe87b856d79c914b77b54b29c6aafd877ba98782e547addc0f86e5f9ff84e747997a13ad29b50
-
Filesize
72KB
MD5d4dc32ca9b107524b9208c59d19b4632
SHA1c74d6fcd18d2010343f68f8781ac2ee92b268362
SHA256c661b1b40dd9c642c456f71ba69733a28b9574ea33580b2ed472d2ea7c3716f0
SHA51215659df749d1587055623e0d79f59af393fa1aa878ccce259e0fe87b856d79c914b77b54b29c6aafd877ba98782e547addc0f86e5f9ff84e747997a13ad29b50
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD531815045b8480f6095e7ebccab0e70b3
SHA1e8ec6767b03e9a013b21e1545e8bc85a1113aec3
SHA2567c9ffe20a18d71de90169430ceef16e7b55d48d6935ec3dd59a5a27fff866cd8
SHA512c77fda36f426b09956019b3e647a218c76626c926b9147937acc7a691a7b033cb5a9dd4cadbe95fd2ca0889faf419392c2c083c1e288cf014dbc638df0fead69
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
Filesize
72KB
MD53a0c31d103baa9711092440689490410
SHA1b29f63eabd5aaa9d07aedb30833573038f63dd9b
SHA2568c9c31e87d5dac29b633622f9e53bc54552052d6c12ed6bef5fda019fd89fd13
SHA5128793d8cd9f7cb4ef4be5c8f23283b8ad1db1b493232f0749c7dd94d7a770820415dca56b0add7da65571624e9b7440263ccea7e07dc1b494bf1dfd1ff83cbb5b
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
8KB
-
-
-
-
-
-