Analysis
-
max time kernel
161s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29/11/2022, 14:25
General
-
Target
1a3fdffe330e80f22dccb587952f9cda3cf7a45f378eef09553a864ad2034c49.exe
-
Size
72KB
-
MD5
00591c39a95860ce0cedcd3d27c54765
-
SHA1
bcb44dc74552663cbe93f5479efbd3e6f7387534
-
SHA256
1a3fdffe330e80f22dccb587952f9cda3cf7a45f378eef09553a864ad2034c49
-
SHA512
4ea9819a2c82a73cf7efa43f1d5cdddecdf398053c006097ea00f1ce59bea9d8d4a848b4a25215a7bcc8c66e83b89fab244bb4b8f6cd78542f90148190895669
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2/:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPL
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 50 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a3fdffe330e80f22dccb587952f9cda3cf7a45f378eef09553a864ad2034c49.exe"C:\Users\Admin\AppData\Local\Temp\1a3fdffe330e80f22dccb587952f9cda3cf7a45f378eef09553a864ad2034c49.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\143093843\backup.exeC:\Users\Admin\AppData\Local\Temp\143093843\backup.exe C:\Users\Admin\AppData\Local\Temp\143093843\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\data.exe"C:\Program Files\Common Files\System\data.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
-
-
C:\Program Files\Common Files\System\de-DE\System Restore.exe"C:\Program Files\Common Files\System\de-DE\System Restore.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\System Restore.exe"C:\Program Files\DVD Maker\es-ES\System Restore.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Executes dropped EXE
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Public\Documents\update.exeC:\Users\Public\Documents\update.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\update.exeC:\Users\Admin\AppData\Local\Temp\Low\update.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5a19a23b1a81d0a6a74b6f57047f51e91
SHA1eb9f9eaf2604cec0ac18ecff03bf047d13883423
SHA256e11f3e97a0901eed9fb3c6592ff73f30c79b71bfd140e61b50640a03a038ae33
SHA512f9800cdd1468422d773388bfa195b7022b3ec4338a44a2d5b193e08fbc633ddb9d7dcd47e4228409c67217aa939307d81dbbcfc1c437853f1ed9facc64562ea4
-
Filesize
72KB
MD518a2c9db9e57cf45bf42844a6c7d22cf
SHA12ced3394b51a400bb8d702b52b4f0703e3b1f3c7
SHA25641d2b7fdbf9e86c839f1ef6abb05f0e2fe42240db0b0b74584b2d83cfbbea726
SHA512392a202414a63aab846c3f1bcc063f7b6b0653d8e36b41316a46f9e2722cbdda2a1c6b397ce04ac6874d387f50aa295c072cb1dfd2286c1af9c194dc1f179939
-
Filesize
72KB
MD518a2c9db9e57cf45bf42844a6c7d22cf
SHA12ced3394b51a400bb8d702b52b4f0703e3b1f3c7
SHA25641d2b7fdbf9e86c839f1ef6abb05f0e2fe42240db0b0b74584b2d83cfbbea726
SHA512392a202414a63aab846c3f1bcc063f7b6b0653d8e36b41316a46f9e2722cbdda2a1c6b397ce04ac6874d387f50aa295c072cb1dfd2286c1af9c194dc1f179939
-
Filesize
72KB
MD5fcb74f84e991039bbff7e05a53ef96ea
SHA10ca9b4b0620c57d13b99b660787ab439222b2e9a
SHA2563b2f72c920e45b944cc91eec093b84e64cbad5194821598adc20284650d4c081
SHA5127e477668f8a1bfd674e20eba029c4024af5c7bd3e647b1964ef57bff3d00459fedee30075fc33b0a89a186a67db501ac7d6d8ac02f5044fdd30d079aee039500
-
Filesize
72KB
MD5413f925b405418521e2cfc0710cbd2d3
SHA1c8ccbf9b72eb1b7d4b6adcd05ea9b5d9b0f33fea
SHA25655ecba3255835493adf561876e0a4bfb9cd9554ac9540962a03cc0158ef31ac6
SHA512aa9ec7a073f68a0ac44276f496cdf673bb66fbd1e5232f819d0fc7f4349e54a92c93eb135468b6e233c349343fa966d71e14f1986ba06822f9c4f40df50b86bd
-
Filesize
72KB
MD5413f925b405418521e2cfc0710cbd2d3
SHA1c8ccbf9b72eb1b7d4b6adcd05ea9b5d9b0f33fea
SHA25655ecba3255835493adf561876e0a4bfb9cd9554ac9540962a03cc0158ef31ac6
SHA512aa9ec7a073f68a0ac44276f496cdf673bb66fbd1e5232f819d0fc7f4349e54a92c93eb135468b6e233c349343fa966d71e14f1986ba06822f9c4f40df50b86bd
-
Filesize
72KB
MD51cd82a9d49b30437f3e2cd0eb74c20a7
SHA1e70d3168c4bf8fcb4557656b29d11dcd496c0976
SHA2569107e560e2b5a812e681147db30793d1edb463e83f6e5cc258387669e2c1360a
SHA51201e8f6e3578f051e84e40f7a578902c96a46f8a3c740a00b15c97cf8f0dc4f972b200dce5197275f82ac0fd11e6481a2da12bfeefc195f292d75d611f759dbb8
-
Filesize
72KB
MD523f440dd8721481ed25a3858e130cc14
SHA105887737987fdefb7deb795d0f27798a559b360d
SHA256c0e677c4afa892321609c3899a550c3c7347603f588f01199c662fce037a8546
SHA512ef528d460b0c225a2a0a0708fbf495c8c3c0522933d1d1df5ef728e2895b7d8ce89cf3a1d89cb91c9eebff19a7c99de9e97cd72472ba734a2c0f7b5949830313
-
Filesize
72KB
MD523f440dd8721481ed25a3858e130cc14
SHA105887737987fdefb7deb795d0f27798a559b360d
SHA256c0e677c4afa892321609c3899a550c3c7347603f588f01199c662fce037a8546
SHA512ef528d460b0c225a2a0a0708fbf495c8c3c0522933d1d1df5ef728e2895b7d8ce89cf3a1d89cb91c9eebff19a7c99de9e97cd72472ba734a2c0f7b5949830313
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD5252b49a13f64756f1aa4cf39e3abb0d4
SHA17eeb96f176471aae62e758c9326ac3fba24bc382
SHA256455665bce26dfd16c87caba38089636a5d07a6f2ca0cc99ad228a7f233e2e725
SHA5129f52412b6bc6313743999c8096cb12abc7473561709251734d75c335d45ce0e798aae4c63f6244771647aa80453d913665c4af1fdac1399bbb7700a596fa9da5
-
Filesize
72KB
MD5252b49a13f64756f1aa4cf39e3abb0d4
SHA17eeb96f176471aae62e758c9326ac3fba24bc382
SHA256455665bce26dfd16c87caba38089636a5d07a6f2ca0cc99ad228a7f233e2e725
SHA5129f52412b6bc6313743999c8096cb12abc7473561709251734d75c335d45ce0e798aae4c63f6244771647aa80453d913665c4af1fdac1399bbb7700a596fa9da5
-
Filesize
72KB
MD581949c137696050d89bedd6827639117
SHA113b96e1ae79ea371febc8c09304ed443628b2a63
SHA25632b27d60183ff06745988fd244101cc89a7cc0daf0e61aced7a7378df3a1b490
SHA512e45ff94a43cde5fde048c45b6485b54f8331150fe7508bd0aae0d5586475ac6c59e56f08ad6143804626c4339dd77f72cea41e62431070376e58bfb82b7ab14b
-
Filesize
72KB
MD581949c137696050d89bedd6827639117
SHA113b96e1ae79ea371febc8c09304ed443628b2a63
SHA25632b27d60183ff06745988fd244101cc89a7cc0daf0e61aced7a7378df3a1b490
SHA512e45ff94a43cde5fde048c45b6485b54f8331150fe7508bd0aae0d5586475ac6c59e56f08ad6143804626c4339dd77f72cea41e62431070376e58bfb82b7ab14b
-
Filesize
72KB
MD5fc84ee8ed4c408391c3b30fbee80904c
SHA1bd6d07e0c0eb6c335c71cd88b84d449864bec285
SHA25617a0ef8a5c8f0f86a3e557c65917b692338e80a0374726162a51eb47be6a67ab
SHA512aeef6342bed02ef5bb19937b4bf82a5562e33346428ac74df362bcfc7c82bec448cb6606ac4809968e1cd9d5163ad706825190e8a5fd1821b7edebd489d5c268
-
Filesize
72KB
MD5fc84ee8ed4c408391c3b30fbee80904c
SHA1bd6d07e0c0eb6c335c71cd88b84d449864bec285
SHA25617a0ef8a5c8f0f86a3e557c65917b692338e80a0374726162a51eb47be6a67ab
SHA512aeef6342bed02ef5bb19937b4bf82a5562e33346428ac74df362bcfc7c82bec448cb6606ac4809968e1cd9d5163ad706825190e8a5fd1821b7edebd489d5c268
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5aadd7966bd8e2f200b8d220036d8355b
SHA1239e4c69236f1861f56eed704e9b6c2854fa59fb
SHA256505b7d19b8bc95b28b56a68db7de3fb750f1a7019d6b2343b440534cce4c7939
SHA51228f5e304476bd9c7e905c0af84497b9bb0c1b968e797ab351d83a2370a2e80d9f5e2a67390f54f9acc3905da87e73cc81b9adc77eb1c92bd3fba7080aecbcd59
-
Filesize
72KB
MD5af090b085eee0cc636ef3bf899024ece
SHA14a5862ccd867cc16e1924d54e566f27e9304bf43
SHA256bc1dcdbd8e427017a8e60d9c9ebaeccc599464bff44f234904a7c182310ec396
SHA51285b3039c883a817a284d55851610889347ba22c6f8f93400d6e7ab2904c1dc539524ba6d043c1d8d1394e29c9a383ec8121906dd329575ba838b6d5c4dba06f5
-
Filesize
72KB
MD501ec599be349be0d28187044f4e8dbc4
SHA11c69efd9b21bf2878ba2f7880aa3b2a8b34d8ca3
SHA256966a6cafa55300ed3ee90410dfa5f62a62fe3297b399190d5b4d8ac7f7d800bf
SHA512d17deb0b82c275ef99604a1de5ea2502b5fe43ae217a29624f7c42648a3bbad276d38c363408cc1592ebb02f44788d4229e82abf5caad60befdc3f9a983af979
-
Filesize
72KB
MD501ec599be349be0d28187044f4e8dbc4
SHA11c69efd9b21bf2878ba2f7880aa3b2a8b34d8ca3
SHA256966a6cafa55300ed3ee90410dfa5f62a62fe3297b399190d5b4d8ac7f7d800bf
SHA512d17deb0b82c275ef99604a1de5ea2502b5fe43ae217a29624f7c42648a3bbad276d38c363408cc1592ebb02f44788d4229e82abf5caad60befdc3f9a983af979
-
Filesize
72KB
MD5a19a23b1a81d0a6a74b6f57047f51e91
SHA1eb9f9eaf2604cec0ac18ecff03bf047d13883423
SHA256e11f3e97a0901eed9fb3c6592ff73f30c79b71bfd140e61b50640a03a038ae33
SHA512f9800cdd1468422d773388bfa195b7022b3ec4338a44a2d5b193e08fbc633ddb9d7dcd47e4228409c67217aa939307d81dbbcfc1c437853f1ed9facc64562ea4
-
Filesize
72KB
MD5a19a23b1a81d0a6a74b6f57047f51e91
SHA1eb9f9eaf2604cec0ac18ecff03bf047d13883423
SHA256e11f3e97a0901eed9fb3c6592ff73f30c79b71bfd140e61b50640a03a038ae33
SHA512f9800cdd1468422d773388bfa195b7022b3ec4338a44a2d5b193e08fbc633ddb9d7dcd47e4228409c67217aa939307d81dbbcfc1c437853f1ed9facc64562ea4
-
Filesize
72KB
MD518a2c9db9e57cf45bf42844a6c7d22cf
SHA12ced3394b51a400bb8d702b52b4f0703e3b1f3c7
SHA25641d2b7fdbf9e86c839f1ef6abb05f0e2fe42240db0b0b74584b2d83cfbbea726
SHA512392a202414a63aab846c3f1bcc063f7b6b0653d8e36b41316a46f9e2722cbdda2a1c6b397ce04ac6874d387f50aa295c072cb1dfd2286c1af9c194dc1f179939
-
Filesize
72KB
MD518a2c9db9e57cf45bf42844a6c7d22cf
SHA12ced3394b51a400bb8d702b52b4f0703e3b1f3c7
SHA25641d2b7fdbf9e86c839f1ef6abb05f0e2fe42240db0b0b74584b2d83cfbbea726
SHA512392a202414a63aab846c3f1bcc063f7b6b0653d8e36b41316a46f9e2722cbdda2a1c6b397ce04ac6874d387f50aa295c072cb1dfd2286c1af9c194dc1f179939
-
Filesize
72KB
MD5fcb74f84e991039bbff7e05a53ef96ea
SHA10ca9b4b0620c57d13b99b660787ab439222b2e9a
SHA2563b2f72c920e45b944cc91eec093b84e64cbad5194821598adc20284650d4c081
SHA5127e477668f8a1bfd674e20eba029c4024af5c7bd3e647b1964ef57bff3d00459fedee30075fc33b0a89a186a67db501ac7d6d8ac02f5044fdd30d079aee039500
-
Filesize
72KB
MD5fcb74f84e991039bbff7e05a53ef96ea
SHA10ca9b4b0620c57d13b99b660787ab439222b2e9a
SHA2563b2f72c920e45b944cc91eec093b84e64cbad5194821598adc20284650d4c081
SHA5127e477668f8a1bfd674e20eba029c4024af5c7bd3e647b1964ef57bff3d00459fedee30075fc33b0a89a186a67db501ac7d6d8ac02f5044fdd30d079aee039500
-
Filesize
72KB
MD5413f925b405418521e2cfc0710cbd2d3
SHA1c8ccbf9b72eb1b7d4b6adcd05ea9b5d9b0f33fea
SHA25655ecba3255835493adf561876e0a4bfb9cd9554ac9540962a03cc0158ef31ac6
SHA512aa9ec7a073f68a0ac44276f496cdf673bb66fbd1e5232f819d0fc7f4349e54a92c93eb135468b6e233c349343fa966d71e14f1986ba06822f9c4f40df50b86bd
-
Filesize
72KB
MD5413f925b405418521e2cfc0710cbd2d3
SHA1c8ccbf9b72eb1b7d4b6adcd05ea9b5d9b0f33fea
SHA25655ecba3255835493adf561876e0a4bfb9cd9554ac9540962a03cc0158ef31ac6
SHA512aa9ec7a073f68a0ac44276f496cdf673bb66fbd1e5232f819d0fc7f4349e54a92c93eb135468b6e233c349343fa966d71e14f1986ba06822f9c4f40df50b86bd
-
Filesize
72KB
MD51cd82a9d49b30437f3e2cd0eb74c20a7
SHA1e70d3168c4bf8fcb4557656b29d11dcd496c0976
SHA2569107e560e2b5a812e681147db30793d1edb463e83f6e5cc258387669e2c1360a
SHA51201e8f6e3578f051e84e40f7a578902c96a46f8a3c740a00b15c97cf8f0dc4f972b200dce5197275f82ac0fd11e6481a2da12bfeefc195f292d75d611f759dbb8
-
Filesize
72KB
MD51cd82a9d49b30437f3e2cd0eb74c20a7
SHA1e70d3168c4bf8fcb4557656b29d11dcd496c0976
SHA2569107e560e2b5a812e681147db30793d1edb463e83f6e5cc258387669e2c1360a
SHA51201e8f6e3578f051e84e40f7a578902c96a46f8a3c740a00b15c97cf8f0dc4f972b200dce5197275f82ac0fd11e6481a2da12bfeefc195f292d75d611f759dbb8
-
Filesize
72KB
MD523f440dd8721481ed25a3858e130cc14
SHA105887737987fdefb7deb795d0f27798a559b360d
SHA256c0e677c4afa892321609c3899a550c3c7347603f588f01199c662fce037a8546
SHA512ef528d460b0c225a2a0a0708fbf495c8c3c0522933d1d1df5ef728e2895b7d8ce89cf3a1d89cb91c9eebff19a7c99de9e97cd72472ba734a2c0f7b5949830313
-
Filesize
72KB
MD523f440dd8721481ed25a3858e130cc14
SHA105887737987fdefb7deb795d0f27798a559b360d
SHA256c0e677c4afa892321609c3899a550c3c7347603f588f01199c662fce037a8546
SHA512ef528d460b0c225a2a0a0708fbf495c8c3c0522933d1d1df5ef728e2895b7d8ce89cf3a1d89cb91c9eebff19a7c99de9e97cd72472ba734a2c0f7b5949830313
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD58d44cc0e9c34d77f0b32d47f1584a3f6
SHA1ae0e2f087ae237c0cf05781ed5c6d59d0c1111d6
SHA2560be0af22e09a6b65c035698e5c83a6f0fbb3a1c86541266dd5b7977c605eb192
SHA5121d230c5c883235c85cbcd1c045b2c7a72cdaaf590a8798c2f1bc6847fb9323cf27f7c471d22eea5c371afafe34183e9f43f1efa08aabf34caccb71c2c72490a2
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD50e64dd644bf31a847ff8f47cad82b5cd
SHA1a556f1004e3f62571b6637c2853e3d766f05ca6e
SHA256af33e6ab292f6cf7e4d3d05a4f23cfd4bef8d98e4a701449dfc8da4d8cd5763f
SHA5129358cab76761c47feb0f6650578c21566bc16f3cf9257ba341c0f43516dc39df51ec1756101ab854154277fc80deda30834c55ee1e24322937c380c19e99e996
-
Filesize
72KB
MD5252b49a13f64756f1aa4cf39e3abb0d4
SHA17eeb96f176471aae62e758c9326ac3fba24bc382
SHA256455665bce26dfd16c87caba38089636a5d07a6f2ca0cc99ad228a7f233e2e725
SHA5129f52412b6bc6313743999c8096cb12abc7473561709251734d75c335d45ce0e798aae4c63f6244771647aa80453d913665c4af1fdac1399bbb7700a596fa9da5
-
Filesize
72KB
MD5252b49a13f64756f1aa4cf39e3abb0d4
SHA17eeb96f176471aae62e758c9326ac3fba24bc382
SHA256455665bce26dfd16c87caba38089636a5d07a6f2ca0cc99ad228a7f233e2e725
SHA5129f52412b6bc6313743999c8096cb12abc7473561709251734d75c335d45ce0e798aae4c63f6244771647aa80453d913665c4af1fdac1399bbb7700a596fa9da5
-
Filesize
72KB
MD581949c137696050d89bedd6827639117
SHA113b96e1ae79ea371febc8c09304ed443628b2a63
SHA25632b27d60183ff06745988fd244101cc89a7cc0daf0e61aced7a7378df3a1b490
SHA512e45ff94a43cde5fde048c45b6485b54f8331150fe7508bd0aae0d5586475ac6c59e56f08ad6143804626c4339dd77f72cea41e62431070376e58bfb82b7ab14b
-
Filesize
72KB
MD581949c137696050d89bedd6827639117
SHA113b96e1ae79ea371febc8c09304ed443628b2a63
SHA25632b27d60183ff06745988fd244101cc89a7cc0daf0e61aced7a7378df3a1b490
SHA512e45ff94a43cde5fde048c45b6485b54f8331150fe7508bd0aae0d5586475ac6c59e56f08ad6143804626c4339dd77f72cea41e62431070376e58bfb82b7ab14b
-
Filesize
72KB
MD5fc84ee8ed4c408391c3b30fbee80904c
SHA1bd6d07e0c0eb6c335c71cd88b84d449864bec285
SHA25617a0ef8a5c8f0f86a3e557c65917b692338e80a0374726162a51eb47be6a67ab
SHA512aeef6342bed02ef5bb19937b4bf82a5562e33346428ac74df362bcfc7c82bec448cb6606ac4809968e1cd9d5163ad706825190e8a5fd1821b7edebd489d5c268
-
Filesize
72KB
MD5fc84ee8ed4c408391c3b30fbee80904c
SHA1bd6d07e0c0eb6c335c71cd88b84d449864bec285
SHA25617a0ef8a5c8f0f86a3e557c65917b692338e80a0374726162a51eb47be6a67ab
SHA512aeef6342bed02ef5bb19937b4bf82a5562e33346428ac74df362bcfc7c82bec448cb6606ac4809968e1cd9d5163ad706825190e8a5fd1821b7edebd489d5c268
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5e746c4693b316aff7ff3cf06fcba281d
SHA17cf0e8fd80abeeee9739b050e7a8ca5fcc77f1b1
SHA2564da5963101c39ecfd7f88520e6722a350adda4bedd62dc112fe788d8b25312e3
SHA5122c0c71f15068e6aeeefdcdf56c7d04edc1022e06a66101f770fb1b135131d46ad4c942ae38033383fe562c362f036fcc834e69c14b8fe475502f861c0e810b93
-
Filesize
72KB
MD5aadd7966bd8e2f200b8d220036d8355b
SHA1239e4c69236f1861f56eed704e9b6c2854fa59fb
SHA256505b7d19b8bc95b28b56a68db7de3fb750f1a7019d6b2343b440534cce4c7939
SHA51228f5e304476bd9c7e905c0af84497b9bb0c1b968e797ab351d83a2370a2e80d9f5e2a67390f54f9acc3905da87e73cc81b9adc77eb1c92bd3fba7080aecbcd59
-
Filesize
72KB
MD5aadd7966bd8e2f200b8d220036d8355b
SHA1239e4c69236f1861f56eed704e9b6c2854fa59fb
SHA256505b7d19b8bc95b28b56a68db7de3fb750f1a7019d6b2343b440534cce4c7939
SHA51228f5e304476bd9c7e905c0af84497b9bb0c1b968e797ab351d83a2370a2e80d9f5e2a67390f54f9acc3905da87e73cc81b9adc77eb1c92bd3fba7080aecbcd59
-
Filesize
72KB
MD5aadd7966bd8e2f200b8d220036d8355b
SHA1239e4c69236f1861f56eed704e9b6c2854fa59fb
SHA256505b7d19b8bc95b28b56a68db7de3fb750f1a7019d6b2343b440534cce4c7939
SHA51228f5e304476bd9c7e905c0af84497b9bb0c1b968e797ab351d83a2370a2e80d9f5e2a67390f54f9acc3905da87e73cc81b9adc77eb1c92bd3fba7080aecbcd59
-
Filesize
72KB
MD5aadd7966bd8e2f200b8d220036d8355b
SHA1239e4c69236f1861f56eed704e9b6c2854fa59fb
SHA256505b7d19b8bc95b28b56a68db7de3fb750f1a7019d6b2343b440534cce4c7939
SHA51228f5e304476bd9c7e905c0af84497b9bb0c1b968e797ab351d83a2370a2e80d9f5e2a67390f54f9acc3905da87e73cc81b9adc77eb1c92bd3fba7080aecbcd59
-
Filesize
72KB
MD5af090b085eee0cc636ef3bf899024ece
SHA14a5862ccd867cc16e1924d54e566f27e9304bf43
SHA256bc1dcdbd8e427017a8e60d9c9ebaeccc599464bff44f234904a7c182310ec396
SHA51285b3039c883a817a284d55851610889347ba22c6f8f93400d6e7ab2904c1dc539524ba6d043c1d8d1394e29c9a383ec8121906dd329575ba838b6d5c4dba06f5
-
Filesize
72KB
MD5af090b085eee0cc636ef3bf899024ece
SHA14a5862ccd867cc16e1924d54e566f27e9304bf43
SHA256bc1dcdbd8e427017a8e60d9c9ebaeccc599464bff44f234904a7c182310ec396
SHA51285b3039c883a817a284d55851610889347ba22c6f8f93400d6e7ab2904c1dc539524ba6d043c1d8d1394e29c9a383ec8121906dd329575ba838b6d5c4dba06f5
-
Filesize
8KB