Analysis
-
max time kernel
120s -
max time network
193s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-11-2022 14:19
General
-
Target
39da27dab2fcebbba687e8278aa10a4cb0a66378e6aa633feff2b273d952c52a.exe
-
Size
72KB
-
MD5
9cb946578645e32db35a5fc5b35ec5a4
-
SHA1
54c309208c6cdb670e34c0b06f80facf57214d07
-
SHA256
39da27dab2fcebbba687e8278aa10a4cb0a66378e6aa633feff2b273d952c52a
-
SHA512
667a0666a0ba962b40a16e7482dde4090b77700c85623a57da49074ff455c9112ddc3976e3863005a4dc5798f0c885bde3492516b9cc604a8b11c8550b8cbe68
-
SSDEEP
384:TA6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGfM:EpQNwC3BEddsEqOt/hyJF+x3BEJwRrh
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 60 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39da27dab2fcebbba687e8278aa10a4cb0a66378e6aa633feff2b273d952c52a.exe"C:\Users\Admin\AppData\Local\Temp\39da27dab2fcebbba687e8278aa10a4cb0a66378e6aa633feff2b273d952c52a.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\1819793539\backup.exeC:\Users\Admin\AppData\Local\Temp\1819793539\backup.exe C:\Users\Admin\AppData\Local\Temp\1819793539\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\update.exe"C:\Program Files\Common Files\Microsoft Shared\update.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
-
C:\Program Files\Common Files\Services\update.exe"C:\Program Files\Common Files\Services\update.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\es-ES\update.exe"C:\Program Files\DVD Maker\es-ES\update.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
-
C:\Program Files (x86)\data.exe"C:\Program Files (x86)\data.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
-
C:\Program Files (x86)\Google\data.exe"C:\Program Files (x86)\Google\data.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
-
C:\Windows\update.exeC:\Windows\update.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD590840066cd6a3e4c5a2de36be9dd89bc
SHA17eb2e2f0f0b3efe1321c68aa76d1237a55e05224
SHA2564813608c61914e215d61f2467a1104b4434525b7040c318901e32eddc24769ef
SHA5120632d1a548d940e8106b9202a886e117c74ad3520b394b08661c81609aec636595329d4d640747a71955003e14e59d644d28642aa210e9c3a7f9460eee6d6c4b
-
Filesize
72KB
MD53763b435107682301d3a309b27050663
SHA109ec66ef2c33255f23b214e1822869e9ae04f48a
SHA256bca471a3a09d9f63c42239b3fb3e5752ee5683945e5e00fe989ff393d4702d19
SHA5120458cae905668cf8e0d34ae34a5303bcba9dfcad7621a195b2c62d94978551ef6738516ccf3806acc9057702b7260f5544f2b64f5077ccdefb35f6f88b5e0f7f
-
Filesize
72KB
MD53763b435107682301d3a309b27050663
SHA109ec66ef2c33255f23b214e1822869e9ae04f48a
SHA256bca471a3a09d9f63c42239b3fb3e5752ee5683945e5e00fe989ff393d4702d19
SHA5120458cae905668cf8e0d34ae34a5303bcba9dfcad7621a195b2c62d94978551ef6738516ccf3806acc9057702b7260f5544f2b64f5077ccdefb35f6f88b5e0f7f
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD59d28bfdc8b271cc8a13adf1f31cc125e
SHA1efb171b3fa58352f0efb8038fce9b25ed931277d
SHA25684258d8276ec67f7812f6a6567b33d361f22ef05d8a2a5d35d09518cf9f6e597
SHA5129a680066e63a30b57db2a6963915de14a65a4064cab6bc09402ed0ccefa788abefe8f5ca2eb79afbda5240b55b3c5feea0c6613bda83fca96cc098cf14bc478f
-
Filesize
72KB
MD59d28bfdc8b271cc8a13adf1f31cc125e
SHA1efb171b3fa58352f0efb8038fce9b25ed931277d
SHA25684258d8276ec67f7812f6a6567b33d361f22ef05d8a2a5d35d09518cf9f6e597
SHA5129a680066e63a30b57db2a6963915de14a65a4064cab6bc09402ed0ccefa788abefe8f5ca2eb79afbda5240b55b3c5feea0c6613bda83fca96cc098cf14bc478f
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD589a637fdb62468c5473dfec7606003e4
SHA1758b37619976d5299f861aeb33dcaa74e165458c
SHA256347df4cf81569fee65e695e8b592cbff5d9915ffd5a5538780dfee997c75c39c
SHA51293928d1428f1c87ace3123f489b4e3b4075a51b5f00650a9d27d2f4399bbcb6a08620ba1f6bc1932db4f0e67d204cb1707b125e00614386367258355127ae9fd
-
Filesize
72KB
MD589a637fdb62468c5473dfec7606003e4
SHA1758b37619976d5299f861aeb33dcaa74e165458c
SHA256347df4cf81569fee65e695e8b592cbff5d9915ffd5a5538780dfee997c75c39c
SHA51293928d1428f1c87ace3123f489b4e3b4075a51b5f00650a9d27d2f4399bbcb6a08620ba1f6bc1932db4f0e67d204cb1707b125e00614386367258355127ae9fd
-
Filesize
72KB
MD590840066cd6a3e4c5a2de36be9dd89bc
SHA17eb2e2f0f0b3efe1321c68aa76d1237a55e05224
SHA2564813608c61914e215d61f2467a1104b4434525b7040c318901e32eddc24769ef
SHA5120632d1a548d940e8106b9202a886e117c74ad3520b394b08661c81609aec636595329d4d640747a71955003e14e59d644d28642aa210e9c3a7f9460eee6d6c4b
-
Filesize
72KB
MD590840066cd6a3e4c5a2de36be9dd89bc
SHA17eb2e2f0f0b3efe1321c68aa76d1237a55e05224
SHA2564813608c61914e215d61f2467a1104b4434525b7040c318901e32eddc24769ef
SHA5120632d1a548d940e8106b9202a886e117c74ad3520b394b08661c81609aec636595329d4d640747a71955003e14e59d644d28642aa210e9c3a7f9460eee6d6c4b
-
Filesize
72KB
MD53763b435107682301d3a309b27050663
SHA109ec66ef2c33255f23b214e1822869e9ae04f48a
SHA256bca471a3a09d9f63c42239b3fb3e5752ee5683945e5e00fe989ff393d4702d19
SHA5120458cae905668cf8e0d34ae34a5303bcba9dfcad7621a195b2c62d94978551ef6738516ccf3806acc9057702b7260f5544f2b64f5077ccdefb35f6f88b5e0f7f
-
Filesize
72KB
MD53763b435107682301d3a309b27050663
SHA109ec66ef2c33255f23b214e1822869e9ae04f48a
SHA256bca471a3a09d9f63c42239b3fb3e5752ee5683945e5e00fe989ff393d4702d19
SHA5120458cae905668cf8e0d34ae34a5303bcba9dfcad7621a195b2c62d94978551ef6738516ccf3806acc9057702b7260f5544f2b64f5077ccdefb35f6f88b5e0f7f
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD5c3995eba7e6dc4d61e911b6df47b199c
SHA172282537230566b4ce840c46ae2ecda49ca50154
SHA256346596a16d16cf4eb2fb67f436a015fdeb31a3f6de574285f1c9009b13c2fd6a
SHA512917af0f50b72b7a242ebb7ab994889316dd5d327fe638d6fa1b7cb13cca8d8571905c0d79bf904c78fdb2e7f4092055fe288fe3e85c63efc2e33c9c3ce09c59f
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD50e20967385b759742509f48dbab39c6c
SHA1cc4b494605c295f4ff507a83ae65e7019b62bba5
SHA256aa24b1f12547ac8132895a30e84711774fbd110b53fe3cd026a7857d7dba8478
SHA512d799ee4647c8e824b32f9881c12d9038e063dcec3073a63f49b05f07d891d2cea958f2cf63599c74c698d7311c3aaaf1c8c551a2e0ba3362e86b8281b99ac7a5
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD5ed1570029c5fecf35970f7e6dafeefe1
SHA13f1b66cf474bd4c839aabbb76f33d5431a0ba8c9
SHA25641bce8a797c7574f7389a45afeded7f4d41bad810e2735b328084eff405e217b
SHA5120d94783e8f1458bd3ee9b38d0bf4d433935aba377a7fc63ead6756fcde5757fe2ba5f7df2194e5d0280a5759327377be3dee7637c0bcdc550833674e36acb6b2
-
Filesize
72KB
MD59d28bfdc8b271cc8a13adf1f31cc125e
SHA1efb171b3fa58352f0efb8038fce9b25ed931277d
SHA25684258d8276ec67f7812f6a6567b33d361f22ef05d8a2a5d35d09518cf9f6e597
SHA5129a680066e63a30b57db2a6963915de14a65a4064cab6bc09402ed0ccefa788abefe8f5ca2eb79afbda5240b55b3c5feea0c6613bda83fca96cc098cf14bc478f
-
Filesize
72KB
MD59d28bfdc8b271cc8a13adf1f31cc125e
SHA1efb171b3fa58352f0efb8038fce9b25ed931277d
SHA25684258d8276ec67f7812f6a6567b33d361f22ef05d8a2a5d35d09518cf9f6e597
SHA5129a680066e63a30b57db2a6963915de14a65a4064cab6bc09402ed0ccefa788abefe8f5ca2eb79afbda5240b55b3c5feea0c6613bda83fca96cc098cf14bc478f
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
Filesize
72KB
MD5770946603de162ad15394a55e85f5bd9
SHA14718a5c1982d03915831559216aa8a419d5f4b75
SHA256e060fdb1548ad4cc441a672951bdfc0ca1dff20592437cca418d7a1a8d826165
SHA5127e241a55efdf11ab2b5aaf875f393ed4f8876e2ad25a18419873a2016e0df0aaeed678c8aa570e17607c479c04b7b32294d6daea17b0dff7cf56f59f68a20e0e
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
8KB
-
-