Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
190s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
02/12/2022, 19:52
General
-
Target
e01575624edee68a4d2ff48c7458566966079cf8e0dccb90179b7151cee00819.exe
-
Size
72KB
-
MD5
9a18a0c1d6d8111fd4188d802a170947
-
SHA1
c69ac83cde305dbd0ff41fffb90cd35df2fa2966
-
SHA256
e01575624edee68a4d2ff48c7458566966079cf8e0dccb90179b7151cee00819
-
SHA512
9a0853b56b64d2e5dcc5abfa2fe492e95a5a5e08a52e2ebe37c0b0f2dfab940e2df04b86918e3b3025b9df38eaff79817c13806be5bbb08800bea17de961726d
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2X:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrb
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e01575624edee68a4d2ff48c7458566966079cf8e0dccb90179b7151cee00819.exe"C:\Users\Admin\AppData\Local\Temp\e01575624edee68a4d2ff48c7458566966079cf8e0dccb90179b7151cee00819.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\445435565\backup.exeC:\Users\Admin\AppData\Local\Temp\445435565\backup.exe C:\Users\Admin\AppData\Local\Temp\445435565\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\data.exe\data.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\System Restore.exe"C:\Program Files\Common Files\System Restore.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\data.exe"C:\Program Files\Common Files\DESIGNER\data.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\data.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\data.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\data.exe"C:\Program Files\Common Files\System\ado\ja-JP\data.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\update.exe"C:\Program Files\Common Files\System\en-US\update.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\include\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- System policy modification
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jre1.8.0_66\lib\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- System policy modification
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\update.exe"C:\Program Files\Microsoft Office\root\Client\update.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
-
-
C:\Program Files\Microsoft Office 15\update.exe"C:\Program Files\Microsoft Office 15\update.exe" C:\Program Files\Microsoft Office 15\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Java\update.exe"C:\Program Files (x86)\Common Files\Java\update.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\update.exeC:\Users\Admin\Favorites\update.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- System policy modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Pictures\Camera Roll\System Restore.exe"C:\Users\Admin\Pictures\Camera Roll\System Restore.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Searches\System Restore.exe"C:\Users\Admin\Searches\System Restore.exe" C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- System policy modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\appcompat\update.exeC:\Windows\appcompat\update.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
-
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb
-
Filesize
72KB
MD5dfa2894e24bc764e6941e954f2308823
SHA1d9c8df52ba73b02eb34441ce68e177db5659d480
SHA256dcb237905b7f75a6d9f32a127053cc673e7600bd3c16e2293f35cbd217ca0351
SHA5122f9a901606acce19e9c6648d45bed577a8fbc7860d4dfe0736c7c2d69cc806fef407c8bd7181b6c944dfa802dcd65300c48dc92df6d1abe8d65147d529d96050
-
Filesize
72KB
MD5dfa2894e24bc764e6941e954f2308823
SHA1d9c8df52ba73b02eb34441ce68e177db5659d480
SHA256dcb237905b7f75a6d9f32a127053cc673e7600bd3c16e2293f35cbd217ca0351
SHA5122f9a901606acce19e9c6648d45bed577a8fbc7860d4dfe0736c7c2d69cc806fef407c8bd7181b6c944dfa802dcd65300c48dc92df6d1abe8d65147d529d96050
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5268af3e85955491a17bda3adddab1677
SHA12a0d2e623bc98cc040a37db88d7a3ef2b386c39f
SHA256a5ff98cf091afa75505fba8a50413a2ed2dcdc3d34e814a1d60f006db5bc3b23
SHA51201087b732e41033de1351ef001ff2419b6c1f549b67a4f87f4db743e8c38e71043e407f061230a9506dd49d09baab545a77c0e72d3f303d43e59e7b403093ce8
-
Filesize
72KB
MD5268af3e85955491a17bda3adddab1677
SHA12a0d2e623bc98cc040a37db88d7a3ef2b386c39f
SHA256a5ff98cf091afa75505fba8a50413a2ed2dcdc3d34e814a1d60f006db5bc3b23
SHA51201087b732e41033de1351ef001ff2419b6c1f549b67a4f87f4db743e8c38e71043e407f061230a9506dd49d09baab545a77c0e72d3f303d43e59e7b403093ce8
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5d7a50d5369b100a03119f267538221cd
SHA14ff88147efc9d994df02234d2861e7d551669160
SHA2567d3ced02d65f1dd8c00f7fb992994d997a55d37ed551353dcb85fbfb698334ab
SHA5128d99d719d0b935425e61f55311208ea8ddf8e149ea3df538d385cfe8f1d6dda3042bbf7df25e9155283be5190619488243647bf72c1cc90a7052bd7a85ade9bb
-
Filesize
72KB
MD5d7a50d5369b100a03119f267538221cd
SHA14ff88147efc9d994df02234d2861e7d551669160
SHA2567d3ced02d65f1dd8c00f7fb992994d997a55d37ed551353dcb85fbfb698334ab
SHA5128d99d719d0b935425e61f55311208ea8ddf8e149ea3df538d385cfe8f1d6dda3042bbf7df25e9155283be5190619488243647bf72c1cc90a7052bd7a85ade9bb
-
Filesize
72KB
MD5268af3e85955491a17bda3adddab1677
SHA12a0d2e623bc98cc040a37db88d7a3ef2b386c39f
SHA256a5ff98cf091afa75505fba8a50413a2ed2dcdc3d34e814a1d60f006db5bc3b23
SHA51201087b732e41033de1351ef001ff2419b6c1f549b67a4f87f4db743e8c38e71043e407f061230a9506dd49d09baab545a77c0e72d3f303d43e59e7b403093ce8
-
Filesize
72KB
MD5268af3e85955491a17bda3adddab1677
SHA12a0d2e623bc98cc040a37db88d7a3ef2b386c39f
SHA256a5ff98cf091afa75505fba8a50413a2ed2dcdc3d34e814a1d60f006db5bc3b23
SHA51201087b732e41033de1351ef001ff2419b6c1f549b67a4f87f4db743e8c38e71043e407f061230a9506dd49d09baab545a77c0e72d3f303d43e59e7b403093ce8
-
Filesize
72KB
MD51ef89e7ad996bfe7c9738925636eab6c
SHA1e05b966710e099bbadc5d93c1fba7b44ee01597d
SHA256dd3a0509fd3d1bbbbcacd7e135dd908af193cebffb9447b89b26e1eed8aad924
SHA5123dd3615c18470d356579eba784c41b48503773f441f3d30873b24b6c9d43629d01413e02e3e05b2ee8b16285b6883282905b190a17d1f7cfb2b494c0efdffc66
-
Filesize
72KB
MD51ef89e7ad996bfe7c9738925636eab6c
SHA1e05b966710e099bbadc5d93c1fba7b44ee01597d
SHA256dd3a0509fd3d1bbbbcacd7e135dd908af193cebffb9447b89b26e1eed8aad924
SHA5123dd3615c18470d356579eba784c41b48503773f441f3d30873b24b6c9d43629d01413e02e3e05b2ee8b16285b6883282905b190a17d1f7cfb2b494c0efdffc66
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5806370dc239f4e8948d38776e6c38987
SHA18c1e94bb961f6256e377a564b20359640bc21403
SHA256110fac827e46dfae17c09f0b343efc73757e924031f4d4ea89fdfcb75b0e0451
SHA5123bc80caa3e92116c1ee386236381e10fac3b0ef609f1df561134b3c859975c728541a17105f8eb80c1ae4e7003528633beef87da2d573eade424883d45edf9bb
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD51ef89e7ad996bfe7c9738925636eab6c
SHA1e05b966710e099bbadc5d93c1fba7b44ee01597d
SHA256dd3a0509fd3d1bbbbcacd7e135dd908af193cebffb9447b89b26e1eed8aad924
SHA5123dd3615c18470d356579eba784c41b48503773f441f3d30873b24b6c9d43629d01413e02e3e05b2ee8b16285b6883282905b190a17d1f7cfb2b494c0efdffc66
-
Filesize
72KB
MD51ef89e7ad996bfe7c9738925636eab6c
SHA1e05b966710e099bbadc5d93c1fba7b44ee01597d
SHA256dd3a0509fd3d1bbbbcacd7e135dd908af193cebffb9447b89b26e1eed8aad924
SHA5123dd3615c18470d356579eba784c41b48503773f441f3d30873b24b6c9d43629d01413e02e3e05b2ee8b16285b6883282905b190a17d1f7cfb2b494c0efdffc66
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD5d77f35b310fa3c4eb9732d55d15f6f7f
SHA10e0d3a55a49372d1e486a59775cb84cb3b0fcac1
SHA256bd2a4878231497b4b8a2c7df93625ca9e479ea626200028e119088a5c1753503
SHA5129607f8437db6d018e05551f1bddd18b5e1ea4f236217c2b97d4c016194ee1e37db12ca6bb91ca241f660092a11d69abd1106b70fd998f8b954b1a96dda4fb12e
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD590f784958f7325f292d3aba96d57e84b
SHA1c29c514a43063fc306421c4dd5f8ea279c8e5129
SHA25694e5c983dba84e6f36ac87a2230d293ae93723b04d3f7cbfb2d063f788080a10
SHA51260ed790f4b86fbf5efcfd4a4594271fabac7ebdbf1439e9187e472c61210f6de902b8fc1dbb48339d05a5441cba2351232ac9ba9582bd70349e3590c61ab52f3
-
Filesize
72KB
MD563520440906a7f0736af36a4b7bf463b
SHA1ef0ad70292c13e6ab6a2368bf673d545697e21da
SHA256e28dd1b08135e65ec7b52c7c0d4492ad996f61a6952e54341e29b5acbb81bd1d
SHA512a275e0aa198cb934fa43eb232f3c0bd06a50c5a0674293082357e91cbde3e3869401931ba07fb65358881111fd26d34dc17da8098f1bd88df40a3aa429e85f27
-
Filesize
72KB
MD563520440906a7f0736af36a4b7bf463b
SHA1ef0ad70292c13e6ab6a2368bf673d545697e21da
SHA256e28dd1b08135e65ec7b52c7c0d4492ad996f61a6952e54341e29b5acbb81bd1d
SHA512a275e0aa198cb934fa43eb232f3c0bd06a50c5a0674293082357e91cbde3e3869401931ba07fb65358881111fd26d34dc17da8098f1bd88df40a3aa429e85f27
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD5e3d3e417bf0c5c38fd6f744b7ae5b0fd
SHA1bec51076efd50004575ce4c6699ae79743dfd491
SHA25600fb466ec83a480d2779ba58ec459ecdc6de2da13ecc24a4b433777bc98aa4f2
SHA512dcee3b8b0ae040121b5bdfa484e7f0f32566a72f257315aa256551fffd49d7b9e99a721a8387832c794cc90e9224adf250a4f197d558661faa7be00734d1d14d
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD52bf36547b62e15ff38f26e81a189d935
SHA17fd74f20c117226f71ea91e5d5bd1ba3ffba6f8f
SHA2568f9a8911a7338010d1901c9109d09143b3b92ea9343b8951b254cf355f84a396
SHA512ee74eb29987d7fa76554c38125766621993cfd789fa3261845a40a919dd0fffec80c13752546c73f31b79bbdb1d02c7632002efbbb25a7a29603f9f258c567a5
-
Filesize
72KB
MD50bd822587043efc685b0ed022088bd03
SHA1216a26721d92e91822fe4ecd14490bec6e286e63
SHA256731a32d036dcea8ba55f1ab488886264b66658ce3dc81a703cd71b6c507b6d7b
SHA512153aa83c84258d95b4244ea28967f1122c8e32e3bd799f5ecf78ab1c59fb2bef6aacc521866f3b9578ef925c47190d4e2987badc63fd81ca3820bcfdaa634ba9
-
Filesize
72KB
MD50bd822587043efc685b0ed022088bd03
SHA1216a26721d92e91822fe4ecd14490bec6e286e63
SHA256731a32d036dcea8ba55f1ab488886264b66658ce3dc81a703cd71b6c507b6d7b
SHA512153aa83c84258d95b4244ea28967f1122c8e32e3bd799f5ecf78ab1c59fb2bef6aacc521866f3b9578ef925c47190d4e2987badc63fd81ca3820bcfdaa634ba9
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb
-
Filesize
72KB
MD5f738b18e3493c7292dfce8ac2a5e0576
SHA185a18a445c45d84299eeb7c86db4cf68e2f30796
SHA2561990ee5f5fdb9e210cc9a49c08b482a613e9291f6708dd79d23629c61b266a8e
SHA512aa6c31f0787a5e9cf032c97415b1a64cbc8f57dafd8e8e3faa6960a3290f8e782c5858e91db548fc260f9237d1adebb4ec1603b125d1d3ac56a2b909f19d57fb