Analysis
-
max time kernel
153s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
02/12/2022, 20:04
General
-
Target
9f1d9eec86bf6294eb696a664c29eb362cd36240aba11679923feee35583219e.exe
-
Size
72KB
-
MD5
5cb13e64d036c6f319e986abce63f1ed
-
SHA1
013a5ba2c1983e5be87663ce4e465a97153e9808
-
SHA256
9f1d9eec86bf6294eb696a664c29eb362cd36240aba11679923feee35583219e
-
SHA512
5cf0f03fee33ca4385a69593278a6565a08b2f831d866623f297d8332f31399f61651af2986bd6639fc3913b86972ff0ccfc45bd6e6244ac0c101615435914be
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2g:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrM
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f1d9eec86bf6294eb696a664c29eb362cd36240aba11679923feee35583219e.exe"C:\Users\Admin\AppData\Local\Temp\9f1d9eec86bf6294eb696a664c29eb362cd36240aba11679923feee35583219e.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\2625381166\backup.exeC:\Users\Admin\AppData\Local\Temp\2625381166\backup.exe C:\Users\Admin\AppData\Local\Temp\2625381166\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\update.exe\update.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\data.exe"C:\Program Files\Common Files\Microsoft Shared\data.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\Filters\data.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\data.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- System policy modification
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
-
-
C:\Windows\AppPatch\de-DE\update.exeC:\Windows\AppPatch\de-DE\update.exe C:\Windows\AppPatch\de-DE\6⤵
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\update.exeC:\Windows\assembly\GAC\update.exe C:\Windows\assembly\GAC\6⤵
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
-
-
-
C:\Windows\Branding\update.exeC:\Windows\Branding\update.exe C:\Windows\Branding\5⤵
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD52197f2f2db47a1bfc55c24a21221150a
SHA18512d35ec7e8da993fc8541b3039e8cfcb928578
SHA256b7f4b8cd82bbab65b09205fc095f324f7ed7cbf18eeaf40db3cd38d5516d889a
SHA512a8c3303ad2117dc319e10763e0d3aecc410a8a3101f4e6f17811b1395098f13485a74671b0f47a2632be76e7070e4aa041b3e2daa21d0c9a1215e1547ce0edad
-
Filesize
72KB
MD52197f2f2db47a1bfc55c24a21221150a
SHA18512d35ec7e8da993fc8541b3039e8cfcb928578
SHA256b7f4b8cd82bbab65b09205fc095f324f7ed7cbf18eeaf40db3cd38d5516d889a
SHA512a8c3303ad2117dc319e10763e0d3aecc410a8a3101f4e6f17811b1395098f13485a74671b0f47a2632be76e7070e4aa041b3e2daa21d0c9a1215e1547ce0edad
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD556fc6ffd923278e5af81756cf12695e1
SHA16c2d6d7fff86ab3964e2dbef49952e9f98c81efc
SHA2565365820d266ffcd3c7d8abd9970f787c4adfa6dd898bb6ef6fa64898b26044a1
SHA5122cb9963e0c890fb6e4a1e4e6fa6928b86ad72e2923cdcfea7bbb320ff89acab9616ee76605ec0517c31668ad199b4e776a9fc408f932a3dee3b13f9d9fbe97be
-
Filesize
72KB
MD556fc6ffd923278e5af81756cf12695e1
SHA16c2d6d7fff86ab3964e2dbef49952e9f98c81efc
SHA2565365820d266ffcd3c7d8abd9970f787c4adfa6dd898bb6ef6fa64898b26044a1
SHA5122cb9963e0c890fb6e4a1e4e6fa6928b86ad72e2923cdcfea7bbb320ff89acab9616ee76605ec0517c31668ad199b4e776a9fc408f932a3dee3b13f9d9fbe97be
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f4625a9d42aa23e93b2c2df5987eb92f
SHA114b0eb840f4031633ceeb080582cea0437c39ee5
SHA25609d868d5229b4e424b7927666924902a59420a54b9983c3816f16b80a2b0e5a6
SHA51235d3d3a88670155314d85a6c0143e4b93f61bd818bbf9b27e927d972b7805d9241ca8b9f60b51cee8e67df24617502ddd9d7c783da61533df739777540fb6290
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5f25f5852134ef08a4bd30452dd353895
SHA17e14c70ecbee67dd49812b82ea4f704a4e42e932
SHA2563e4819f2ad7bead33f007bb0c763c281576744fabcff92d1b65a019f4bb142cc
SHA512477deefeace3f59af97221093ab3550885934f5d170e0eda30bbf9cfd2f1ce3b984bca5361e055b40941ea538358bd4bc0348d4504bef3647f338446922d0fb5
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD5c1eae1df3583e71e04f26ebcf60ecf65
SHA181d92071aa9b1a94222d29a3092a3485ed69ed66
SHA256cd498925cf036a49ce36f3187560373cec894af9e63c6d322055f3f9c0dad350
SHA512b5264dc004bee7b9be86b7c7f1716e0d4d6860baf866850df053cd1e387f98cc7184bb47a701fba2b3bab57b40f714c2d307c53780d348fe41639fb910344abf
-
Filesize
72KB
MD52197f2f2db47a1bfc55c24a21221150a
SHA18512d35ec7e8da993fc8541b3039e8cfcb928578
SHA256b7f4b8cd82bbab65b09205fc095f324f7ed7cbf18eeaf40db3cd38d5516d889a
SHA512a8c3303ad2117dc319e10763e0d3aecc410a8a3101f4e6f17811b1395098f13485a74671b0f47a2632be76e7070e4aa041b3e2daa21d0c9a1215e1547ce0edad
-
Filesize
72KB
MD52197f2f2db47a1bfc55c24a21221150a
SHA18512d35ec7e8da993fc8541b3039e8cfcb928578
SHA256b7f4b8cd82bbab65b09205fc095f324f7ed7cbf18eeaf40db3cd38d5516d889a
SHA512a8c3303ad2117dc319e10763e0d3aecc410a8a3101f4e6f17811b1395098f13485a74671b0f47a2632be76e7070e4aa041b3e2daa21d0c9a1215e1547ce0edad
-
Filesize
72KB
MD52197f2f2db47a1bfc55c24a21221150a
SHA18512d35ec7e8da993fc8541b3039e8cfcb928578
SHA256b7f4b8cd82bbab65b09205fc095f324f7ed7cbf18eeaf40db3cd38d5516d889a
SHA512a8c3303ad2117dc319e10763e0d3aecc410a8a3101f4e6f17811b1395098f13485a74671b0f47a2632be76e7070e4aa041b3e2daa21d0c9a1215e1547ce0edad
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5956456d1219cdd3146ee9851a4f70d5b
SHA16639ab612827f69d360ecdd5b64fa8d72cc4f538
SHA256f79735f7585c7b9e37e614f427ed021512ec072bd90203f579e006e7f70b9705
SHA512aa598a74ccd8e105b8f3eb74156816e4547d2c8ca829a1e75ab87d552c788308c612f2b5199dcd3867dd3ef3437ae3ad02397840bae87510e84182707bd1a6df
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD534fed304386d1d757bc84a66226e5418
SHA188e376b08bda09a931e0b050ce923c80c733c56b
SHA256a3ce0076441b342dea002fc5470f580d9126bdcab9f5af3aad82cdf50779be12
SHA512005d4955e5dad3d653bcddc16a32db077063c69c5316375552453c48d6d7d588c0cd24131810a7160763323888ad9ce001cc8b0c2bdc626387271230d47ca910
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD5ff8a95daaa8b3c87e003f3317193466a
SHA1c0c370541bc430a4858d286b65a04ffda8351a1a
SHA2566127b6e925890d79b82609683fd1d326cb5a26c408bebe5a19b1b6879b76a3d0
SHA512fc98c0a6272d85651847a73404d612d61ec317ab70f47d1933eb137d565a8957e526f1bd027d83c35df569df6ec927a4e053f24bb73d9c02299ee9a0ccad43ad
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD574c7e9ab6897b1d11ef3e917972075e2
SHA1707585e811801f5beb66a6802f9f0c9c8c5baf86
SHA256b675e9a7be32a9d91b1af0438625e972803f0702bf9d783fe563d06e23541085
SHA5120f0505f7db7a483b6a96ea664034378d173104fb47eb2ee2ef4868d95fdd5c28fe7080d6dfd10dd9b5dea3b819ae7ad1435591c96dc8a2de690d8b3ffc0219ae
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
72KB
MD5e1273a402e1880bfa09a606bb87d7bf3
SHA1dcf1863106724b53be1224d202e5cad3bc9064a5
SHA256a4644e1a52fec1c2894f72ba9bf00a4202fb98e03c8f2b8911b68c36d6dc03ea
SHA5126220f4ffc4278f24e0864176e0f252d5f20b572e0906e721a7ca5b18756ace61889acb6a3689e860fc3e6825532e7e1cc405266d195561387c075d26f73c6433
-
Filesize
8KB
-
Filesize
8KB