Analysis
-
max time kernel
246s -
max time network
283s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
03-12-2022 16:47
General
-
Target
ba7dca3221d441c1df00c3dedc4a0b1146d96ad15e367abce1f8602798ca054b.exe
-
Size
72KB
-
MD5
075970d46a79e133713fbe1dc6252b4f
-
SHA1
b21a9c4f518b2e5f0e67c07fbcf21fb6734fcaac
-
SHA256
ba7dca3221d441c1df00c3dedc4a0b1146d96ad15e367abce1f8602798ca054b
-
SHA512
34c9ab00b13c46acbb1708485d9946d72184c3782d6035aedc03d2b877e18855d40f987a4e1afe3ee7729b43fceb13c5604a99d9b0bffc90d456a853fde7499a
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2i:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrP2
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba7dca3221d441c1df00c3dedc4a0b1146d96ad15e367abce1f8602798ca054b.exe"C:\Users\Admin\AppData\Local\Temp\ba7dca3221d441c1df00c3dedc4a0b1146d96ad15e367abce1f8602798ca054b.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3272947263\backup.exeC:\Users\Admin\AppData\Local\Temp\3272947263\backup.exe C:\Users\Admin\AppData\Local\Temp\3272947263\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\update.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\update.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\System Restore.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\System Restore.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\System Restore.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\System Restore.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\update.exe"C:\Program Files\Common Files\microsoft shared\Stationery\update.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\data.exe"C:\Program Files\Common Files\microsoft shared\Triedit\data.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\data.exe"C:\Program Files\Google\Chrome\data.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\update.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\update.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.8.0_66\bin\data.exe"C:\Program Files\Java\jdk1.8.0_66\bin\data.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\data.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\data.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\data.exe"C:\Program Files\Java\jre1.8.0_66\data.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jre1.8.0_66\bin\update.exe"C:\Program Files\Java\jre1.8.0_66\bin\update.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\root\Client\update.exe"C:\Program Files\Microsoft Office\root\Client\update.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
-
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\Updates\Apply\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\7⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\System Restore.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\System Restore.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\data.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\data.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
-
-
C:\Program Files (x86)\Microsoft\backup.exe"C:\Program Files (x86)\Microsoft\backup.exe" C:\Program Files (x86)\Microsoft\5⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\backup.exe"C:\Program Files (x86)\Microsoft\Edge\backup.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\7⤵
-
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
-
C:\Users\Admin\Pictures\Saved Pictures\System Restore.exe"C:\Users\Admin\Pictures\Saved Pictures\System Restore.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- System policy modification
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Public\Videos\System Restore.exe"C:\Users\Public\Videos\System Restore.exe" C:\Users\Public\Videos\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\1⤵
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\1⤵
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\1⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\1⤵
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\1⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD55e383b5d0fa0ad59eebfec04992ec3d3
SHA13ef0ca774af163a4dbf7015aabaa838432471529
SHA256b28dd1eb089ef7d75de3a1e1ede5fc5ec2171d29ca21321a06352b5b5f7a6eca
SHA5123e7e0956543bc9753e7dc55f99abfa69daa3ff867cb2fdbce99599ad386a0a7fbaa620efc3602e499f3702e79b80584e84267313686b059a170eb176373a496b
-
Filesize
72KB
MD55e383b5d0fa0ad59eebfec04992ec3d3
SHA13ef0ca774af163a4dbf7015aabaa838432471529
SHA256b28dd1eb089ef7d75de3a1e1ede5fc5ec2171d29ca21321a06352b5b5f7a6eca
SHA5123e7e0956543bc9753e7dc55f99abfa69daa3ff867cb2fdbce99599ad386a0a7fbaa620efc3602e499f3702e79b80584e84267313686b059a170eb176373a496b
-
Filesize
72KB
MD561a02cc4756f4b8015cd5c3bbc884255
SHA1980439b7f504137be1b0d705a6b596cecfd0514d
SHA256f1b1da84d27588b5bd0a37ae7712d95d458d01b8a1552ecbb84d610b0d7dbfb1
SHA512c0afa788ea3504bb34ce97b5e0758e5e3a3b79187f8d53aeffeb98cc66723bf40532f6e273eed08e26625a4aac758d10c8e66ba9668d1892eb596281c6115db8
-
Filesize
72KB
MD561a02cc4756f4b8015cd5c3bbc884255
SHA1980439b7f504137be1b0d705a6b596cecfd0514d
SHA256f1b1da84d27588b5bd0a37ae7712d95d458d01b8a1552ecbb84d610b0d7dbfb1
SHA512c0afa788ea3504bb34ce97b5e0758e5e3a3b79187f8d53aeffeb98cc66723bf40532f6e273eed08e26625a4aac758d10c8e66ba9668d1892eb596281c6115db8
-
Filesize
72KB
MD506d9b428fa5c8dda06922938d3decb0c
SHA1a6df05fd325b194df680e0a26f815ec4260b5bfc
SHA2568f817571bae3d867a1e3695e68052705d3c892df256e8f0cdb3488de1e2e61d8
SHA5123768fb40be857ba0ef0145e32353a117aa11cc939261212b8cfde272206f7f8afc0b33ea79a0f11647f2a3bdcdeca99d4264ff68cf017a4ead78a47d063d9195
-
Filesize
72KB
MD506d9b428fa5c8dda06922938d3decb0c
SHA1a6df05fd325b194df680e0a26f815ec4260b5bfc
SHA2568f817571bae3d867a1e3695e68052705d3c892df256e8f0cdb3488de1e2e61d8
SHA5123768fb40be857ba0ef0145e32353a117aa11cc939261212b8cfde272206f7f8afc0b33ea79a0f11647f2a3bdcdeca99d4264ff68cf017a4ead78a47d063d9195
-
Filesize
72KB
MD5ba239fa3c28c80bd2b615419855559b5
SHA1ef57dfccab1b01a67049d21a726a3a2a0094b222
SHA2563b41f1158ccd190bc63e4372df38a490ea06dcab3a80afb7d9a8661e6ce11f6f
SHA512dae72b2a66c68d536a86b41dfbb577c4307899e8d34ac96e0cbfa1bcde799029df2211e6d30f870657162d93c55f5f8e3c86b78731262eccff76231e0813eb70
-
Filesize
72KB
MD5ba239fa3c28c80bd2b615419855559b5
SHA1ef57dfccab1b01a67049d21a726a3a2a0094b222
SHA2563b41f1158ccd190bc63e4372df38a490ea06dcab3a80afb7d9a8661e6ce11f6f
SHA512dae72b2a66c68d536a86b41dfbb577c4307899e8d34ac96e0cbfa1bcde799029df2211e6d30f870657162d93c55f5f8e3c86b78731262eccff76231e0813eb70
-
Filesize
72KB
MD5a27500ec4e2415ae8f67d28fd2b0b5e6
SHA15b15ee41ca625e3f9e28954a8e2d74749e5d2375
SHA256f0ce6b31231fff9eb59ff6923d112fbb0f44722e9f1538e3164fcb4a6ee4140d
SHA512348a1b7502f0ae79fb23a4d4b5776beac5c3c2b48ea66ae17136d85fd8429f33977aa98c8c5c716dfcff4ebe23a7f50f68ad6a922d06401b94121fd732b4aef0
-
Filesize
72KB
MD5a27500ec4e2415ae8f67d28fd2b0b5e6
SHA15b15ee41ca625e3f9e28954a8e2d74749e5d2375
SHA256f0ce6b31231fff9eb59ff6923d112fbb0f44722e9f1538e3164fcb4a6ee4140d
SHA512348a1b7502f0ae79fb23a4d4b5776beac5c3c2b48ea66ae17136d85fd8429f33977aa98c8c5c716dfcff4ebe23a7f50f68ad6a922d06401b94121fd732b4aef0
-
Filesize
72KB
MD5e6eacbf640635e0db50ccf6b55c66635
SHA1032ad6feb753a87a325f61c0ca1d3c22a9595144
SHA2568f0dbaf6c29ef4b4e8bafd789f4dfb31a19302ec0e26158e17139c32454a093b
SHA51287872d8c4b4492803833e2a974063875421027394626b6baef5b0423f61dac858597bb73424f7309d9265a7308cb16b4580145a70517ecb8daaa20134c067a74
-
Filesize
72KB
MD5e6eacbf640635e0db50ccf6b55c66635
SHA1032ad6feb753a87a325f61c0ca1d3c22a9595144
SHA2568f0dbaf6c29ef4b4e8bafd789f4dfb31a19302ec0e26158e17139c32454a093b
SHA51287872d8c4b4492803833e2a974063875421027394626b6baef5b0423f61dac858597bb73424f7309d9265a7308cb16b4580145a70517ecb8daaa20134c067a74
-
Filesize
72KB
MD5035fb5af998b47f9ce1b68f5acf7aa63
SHA1fb233d99f5819146454d25a2d84ee2fcbb28c702
SHA2562caf7025810578e0d6814bf6dc240d4db1996fe60e65259932a3f132ea8642b6
SHA512897ed94ef179216791502164dc7bc5032e704accfa755e75b7ff3db6435a5360e58000192f4a59c76d95cd644026a8e97884860b0c17be5966915ce1e58adf10
-
Filesize
72KB
MD5035fb5af998b47f9ce1b68f5acf7aa63
SHA1fb233d99f5819146454d25a2d84ee2fcbb28c702
SHA2562caf7025810578e0d6814bf6dc240d4db1996fe60e65259932a3f132ea8642b6
SHA512897ed94ef179216791502164dc7bc5032e704accfa755e75b7ff3db6435a5360e58000192f4a59c76d95cd644026a8e97884860b0c17be5966915ce1e58adf10
-
Filesize
72KB
MD5085d16d49beb66a3d41ead37b1de035e
SHA11bc8f76f74041c4e98fca9cca40101a473294e26
SHA2567f78360b6cf39790a4bc114f3dd0d0077eee45a2505a955897cbe75c1a43b0ed
SHA51231fa93ebed9e9afd3c8edd7688e48c36a593150913e1dbf863f1d9dd25d1fdbd7d6309ea168cb1348ea9beaab4068a371d60ae00b6320ea2d3083a6f868c27f6
-
Filesize
72KB
MD5085d16d49beb66a3d41ead37b1de035e
SHA11bc8f76f74041c4e98fca9cca40101a473294e26
SHA2567f78360b6cf39790a4bc114f3dd0d0077eee45a2505a955897cbe75c1a43b0ed
SHA51231fa93ebed9e9afd3c8edd7688e48c36a593150913e1dbf863f1d9dd25d1fdbd7d6309ea168cb1348ea9beaab4068a371d60ae00b6320ea2d3083a6f868c27f6
-
Filesize
72KB
MD5754eb66be23d018dbe291ac4c830e824
SHA1f9d7c0521058f827a5aa79b203bc957834e4ed48
SHA256f21a7d11515336ff7ab8657565d7886416538909c5c1739f40fddf351d1c1d62
SHA512c9625ea9c14e44adeb050bcf74a4326720c2f947c0e4e4c2cab58a4da32bc2fa5a43dd40830db74ed8dd087d92049f700843d9c12ee343b20d60ab8f23890827
-
Filesize
72KB
MD5754eb66be23d018dbe291ac4c830e824
SHA1f9d7c0521058f827a5aa79b203bc957834e4ed48
SHA256f21a7d11515336ff7ab8657565d7886416538909c5c1739f40fddf351d1c1d62
SHA512c9625ea9c14e44adeb050bcf74a4326720c2f947c0e4e4c2cab58a4da32bc2fa5a43dd40830db74ed8dd087d92049f700843d9c12ee343b20d60ab8f23890827
-
Filesize
72KB
MD56533c79b75757887376ba8f66ed18399
SHA1e45d92cc91515febf453150e82a55d85e163045b
SHA256d6b7a161298fc2cc6605cc3c0da5397adb183d0e89d8f31085aa2f805a0951a7
SHA512f968f0f8ef65df179ceb544d15ebd477f04b42d60ea841fc1ebfd20e2ed34d248dffc7679374075c7379849ba61b1c29c112ff8a7c8667ea0e7fa2a29c737c96
-
Filesize
72KB
MD56533c79b75757887376ba8f66ed18399
SHA1e45d92cc91515febf453150e82a55d85e163045b
SHA256d6b7a161298fc2cc6605cc3c0da5397adb183d0e89d8f31085aa2f805a0951a7
SHA512f968f0f8ef65df179ceb544d15ebd477f04b42d60ea841fc1ebfd20e2ed34d248dffc7679374075c7379849ba61b1c29c112ff8a7c8667ea0e7fa2a29c737c96
-
Filesize
72KB
MD541e1b924bf24843aa91f3dce488ca5d7
SHA17de9d98df4462a9db4152f65ffcbb065a0d438b2
SHA256b3ffabd02a9d74c778c5593529ee04d5493473e66ae1c6b5998654190b31ca93
SHA512256723a5dfb5347c097648e82666a7c29337223453941b570b90cfdaada1d61ebf8fbbaf7099dfd9b891c32916af05f7baf5a11aace26dba1af0fbf4b08bd743
-
Filesize
72KB
MD541e1b924bf24843aa91f3dce488ca5d7
SHA17de9d98df4462a9db4152f65ffcbb065a0d438b2
SHA256b3ffabd02a9d74c778c5593529ee04d5493473e66ae1c6b5998654190b31ca93
SHA512256723a5dfb5347c097648e82666a7c29337223453941b570b90cfdaada1d61ebf8fbbaf7099dfd9b891c32916af05f7baf5a11aace26dba1af0fbf4b08bd743
-
Filesize
72KB
MD5df93010c18d6df28e2e459c0302b76c0
SHA1dda718defd66849508794ddd4dcada31f16b6d6b
SHA256e02646a537fc708a866b55faa2a33d06d4e78bdbfb995180b2c53749867c9064
SHA5126572773407d4c15f643b3a7db961eb600dcf6e9bccb71023d03fe99021004e8803b56264f3b1ebd2b7e82895112597b5c024efddb607efe393b1993e911a100c
-
Filesize
72KB
MD5df93010c18d6df28e2e459c0302b76c0
SHA1dda718defd66849508794ddd4dcada31f16b6d6b
SHA256e02646a537fc708a866b55faa2a33d06d4e78bdbfb995180b2c53749867c9064
SHA5126572773407d4c15f643b3a7db961eb600dcf6e9bccb71023d03fe99021004e8803b56264f3b1ebd2b7e82895112597b5c024efddb607efe393b1993e911a100c
-
Filesize
72KB
MD56533c79b75757887376ba8f66ed18399
SHA1e45d92cc91515febf453150e82a55d85e163045b
SHA256d6b7a161298fc2cc6605cc3c0da5397adb183d0e89d8f31085aa2f805a0951a7
SHA512f968f0f8ef65df179ceb544d15ebd477f04b42d60ea841fc1ebfd20e2ed34d248dffc7679374075c7379849ba61b1c29c112ff8a7c8667ea0e7fa2a29c737c96
-
Filesize
72KB
MD56533c79b75757887376ba8f66ed18399
SHA1e45d92cc91515febf453150e82a55d85e163045b
SHA256d6b7a161298fc2cc6605cc3c0da5397adb183d0e89d8f31085aa2f805a0951a7
SHA512f968f0f8ef65df179ceb544d15ebd477f04b42d60ea841fc1ebfd20e2ed34d248dffc7679374075c7379849ba61b1c29c112ff8a7c8667ea0e7fa2a29c737c96
-
Filesize
72KB
MD56d6fff0c49befed34a0ebd5c4154e0bf
SHA17820ef6df28ff79c6af69ff3a48032f9fb4e6410
SHA25677d2ecff4d1814b31eb95915e145b0f8903fc48879585999ea1f7d2f88e9f5c3
SHA5120732fe24f49be1423dea0ad981682d85a464a5b27d83b4a3bb5271748ff541d91bf59687dc3ef61f7655bee180d0bf510360f52ca7cb092b26a10c40455e2bd6
-
Filesize
72KB
MD56d6fff0c49befed34a0ebd5c4154e0bf
SHA17820ef6df28ff79c6af69ff3a48032f9fb4e6410
SHA25677d2ecff4d1814b31eb95915e145b0f8903fc48879585999ea1f7d2f88e9f5c3
SHA5120732fe24f49be1423dea0ad981682d85a464a5b27d83b4a3bb5271748ff541d91bf59687dc3ef61f7655bee180d0bf510360f52ca7cb092b26a10c40455e2bd6
-
Filesize
72KB
MD51269bf86c77a1b8cfb3c2fa30aeb199b
SHA1df35c1c81aaf13f87ce3d3e6385bf352d4577794
SHA2567965eb0803a398ab8eb25fe0f689d69b43f7759c83012dbc54e2a1ae681dd593
SHA51224ba3c0f580b9d0c3156bc3d6dc002ed15c3571cd7cd71272351646e3e45ba778b388990acb41ddc03a72179c3d94060e62b018f394750961e78fdde53ee3b15
-
Filesize
72KB
MD51269bf86c77a1b8cfb3c2fa30aeb199b
SHA1df35c1c81aaf13f87ce3d3e6385bf352d4577794
SHA2567965eb0803a398ab8eb25fe0f689d69b43f7759c83012dbc54e2a1ae681dd593
SHA51224ba3c0f580b9d0c3156bc3d6dc002ed15c3571cd7cd71272351646e3e45ba778b388990acb41ddc03a72179c3d94060e62b018f394750961e78fdde53ee3b15
-
Filesize
72KB
MD5f53f166c0f6592d0635c0567e9b3d8ff
SHA12071579a15159f5474a977f8afd78c68e384d95c
SHA256a6e1d84621bb0ed42d34448e5ec59f94c432e3d07b7004a9d9210123985ac137
SHA5123c092c2e642d0cf395517f8401d54b8512c23e4375dbd54cfb1e8066dfcae752f2e172c9575cb273cb47559dad0477f1f998044f25ae97a01409c8b542257f49
-
Filesize
72KB
MD5f53f166c0f6592d0635c0567e9b3d8ff
SHA12071579a15159f5474a977f8afd78c68e384d95c
SHA256a6e1d84621bb0ed42d34448e5ec59f94c432e3d07b7004a9d9210123985ac137
SHA5123c092c2e642d0cf395517f8401d54b8512c23e4375dbd54cfb1e8066dfcae752f2e172c9575cb273cb47559dad0477f1f998044f25ae97a01409c8b542257f49
-
Filesize
72KB
MD53a34b44513e33cfe60b3bab5ed1f96d4
SHA1b9537517b78332ed03a4a8a630d17989070c52b6
SHA256f1e6529e66cd5ab6438b1c60349c8a5bec97c24b1444f5d100a441fa6eec6a8e
SHA5127e7dffc60b591c71e5ee5c9a74fc8ff338c6474c0c7fb4d55f09364405bb96f8b437f502fbb5d860729c0e2434c8a607faa6b72d4892ee9533d0305bf8ab936f
-
Filesize
72KB
MD53a34b44513e33cfe60b3bab5ed1f96d4
SHA1b9537517b78332ed03a4a8a630d17989070c52b6
SHA256f1e6529e66cd5ab6438b1c60349c8a5bec97c24b1444f5d100a441fa6eec6a8e
SHA5127e7dffc60b591c71e5ee5c9a74fc8ff338c6474c0c7fb4d55f09364405bb96f8b437f502fbb5d860729c0e2434c8a607faa6b72d4892ee9533d0305bf8ab936f
-
Filesize
72KB
MD5e54f37c62f81ec880b468cdf1a057212
SHA111b6ef726a9472217e93da9e2acbdad2e4d182d2
SHA256d21720c2f5301c88e1fa8a395c2b0d3de167ab7ff8b00472ae8bcb290a3ddd9a
SHA512d43fc5f3bc4ea8d9da5c0a0180cd5f142cc0b51d3ce657408a121debc1c81a08d8824eb499c6309c2b3017fefd374443fceed67433bbd1a21b98ca509506c39f
-
Filesize
72KB
MD5e54f37c62f81ec880b468cdf1a057212
SHA111b6ef726a9472217e93da9e2acbdad2e4d182d2
SHA256d21720c2f5301c88e1fa8a395c2b0d3de167ab7ff8b00472ae8bcb290a3ddd9a
SHA512d43fc5f3bc4ea8d9da5c0a0180cd5f142cc0b51d3ce657408a121debc1c81a08d8824eb499c6309c2b3017fefd374443fceed67433bbd1a21b98ca509506c39f
-
Filesize
72KB
MD5368960b5fe3e4f533d96df249688adfc
SHA10dab69975c76e44580f16a77cdcbeaa30cfb51e4
SHA256a6702718644908c7217fb47de7ba1a1057fc6718ff57e592a7123c398afa5b7a
SHA51299203441c02b856f9ab70a13de196e35bfc83bfe59c6f4bf2855cd21b392b5106b0044cd392a8109f2fb6cb92e26dcdf636a5938f9cd8e3e777d73f4fbab19da
-
Filesize
72KB
MD5368960b5fe3e4f533d96df249688adfc
SHA10dab69975c76e44580f16a77cdcbeaa30cfb51e4
SHA256a6702718644908c7217fb47de7ba1a1057fc6718ff57e592a7123c398afa5b7a
SHA51299203441c02b856f9ab70a13de196e35bfc83bfe59c6f4bf2855cd21b392b5106b0044cd392a8109f2fb6cb92e26dcdf636a5938f9cd8e3e777d73f4fbab19da
-
Filesize
72KB
MD5a0fbde2b5b890a1fed76df44ce0aedc3
SHA10eb93ddc4a55406a33a70c7ce1aa85a39ec470b8
SHA25685ee25ead6f80d0d97757de70597a16a1d9142c1ddc464422b8d3fb545b02e39
SHA512bfa40b30306f67f87239a94e9f9c0a44d8d51f873b67ccde8b54bfde22394654490be096d87ad66fb25c1a63155de74f5db550188b8d3800fa0394c53dcf1b8a
-
Filesize
72KB
MD5a0fbde2b5b890a1fed76df44ce0aedc3
SHA10eb93ddc4a55406a33a70c7ce1aa85a39ec470b8
SHA25685ee25ead6f80d0d97757de70597a16a1d9142c1ddc464422b8d3fb545b02e39
SHA512bfa40b30306f67f87239a94e9f9c0a44d8d51f873b67ccde8b54bfde22394654490be096d87ad66fb25c1a63155de74f5db550188b8d3800fa0394c53dcf1b8a
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD57bff171a8ec65adab131f2d1edbe7467
SHA113920f0849288d70e7d5e89294d2bda6eae1fa60
SHA256da5b5f9f14b360b02ca565b9df20ffed14f3d0540ed563fa8859fd6bb09841ef
SHA51233dea6da381ff88022239d84ae3ada6cfa22e04e06c028a6361c555573d92fd6347a0651e26eefedc574e5d028b1625a6e4f2ec1d780064c5132312e1350c36e
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD592438b9a4e5b269fe3323bf5341a63fe
SHA12db054d798a38c9d9ba632647df75a36bf1a4469
SHA256396b5493978ec2907f7a3e4de72c0af10d0cd99fa541f327ece5942834711998
SHA512b909727e1971017136910fdbf516e5b7a8d1f013f9eb74565d45d4c097daf283f938d95a56296cd2981c1a6a1bb87d54756f658062f632da146bfd30a9b04fbc
-
Filesize
72KB
MD5647f68ab41b263464c602bc77f0f78f6
SHA1ecbe2c44a3f3774a73445a9e4f87b00bed02345e
SHA25660ecda7525733dc4e1211dd997e5412462ac9e20cf08d0f5b735c19ca3257cb7
SHA5124552c64da88d6246929ecbed1dd63de474f94ce10d95025c142c6aa9a3bead441437c9f76b8f8af1505d1d277d286f2db78f257014b63db2440e2fa2a4fb7f67
-
Filesize
72KB
MD5647f68ab41b263464c602bc77f0f78f6
SHA1ecbe2c44a3f3774a73445a9e4f87b00bed02345e
SHA25660ecda7525733dc4e1211dd997e5412462ac9e20cf08d0f5b735c19ca3257cb7
SHA5124552c64da88d6246929ecbed1dd63de474f94ce10d95025c142c6aa9a3bead441437c9f76b8f8af1505d1d277d286f2db78f257014b63db2440e2fa2a4fb7f67
-
Filesize
72KB
MD5a0fbde2b5b890a1fed76df44ce0aedc3
SHA10eb93ddc4a55406a33a70c7ce1aa85a39ec470b8
SHA25685ee25ead6f80d0d97757de70597a16a1d9142c1ddc464422b8d3fb545b02e39
SHA512bfa40b30306f67f87239a94e9f9c0a44d8d51f873b67ccde8b54bfde22394654490be096d87ad66fb25c1a63155de74f5db550188b8d3800fa0394c53dcf1b8a
-
Filesize
72KB
MD5a0fbde2b5b890a1fed76df44ce0aedc3
SHA10eb93ddc4a55406a33a70c7ce1aa85a39ec470b8
SHA25685ee25ead6f80d0d97757de70597a16a1d9142c1ddc464422b8d3fb545b02e39
SHA512bfa40b30306f67f87239a94e9f9c0a44d8d51f873b67ccde8b54bfde22394654490be096d87ad66fb25c1a63155de74f5db550188b8d3800fa0394c53dcf1b8a
-
Filesize
72KB
MD5cae6fd2185d05dca12eb8622b38b5f0f
SHA1f6e3851bfeb2c1c0f1e6c265d2a1b29ba65d537e
SHA2568750e3f8d4ab90b8b0db1dc70f0626360fe085b1e6280befd7beadf7344c11be
SHA5126d4cfb22aa464fbe43083f91e629fdc2d74d4e951f47c49b0b6e10591ecc3aacbe3a80f398aef5925026f8eb76a2abb470423d65158a3410deeced58b4c9a0c2
-
Filesize
72KB
MD5cae6fd2185d05dca12eb8622b38b5f0f
SHA1f6e3851bfeb2c1c0f1e6c265d2a1b29ba65d537e
SHA2568750e3f8d4ab90b8b0db1dc70f0626360fe085b1e6280befd7beadf7344c11be
SHA5126d4cfb22aa464fbe43083f91e629fdc2d74d4e951f47c49b0b6e10591ecc3aacbe3a80f398aef5925026f8eb76a2abb470423d65158a3410deeced58b4c9a0c2
-
Filesize
72KB
MD516a77d344a07da335022d1fef0f2e00f
SHA1ee224c3dce12d21c59b66878aae5993b7ae31751
SHA2565328ac0423f3ba42a9bd155aa1c85344b301e684d3ee931ad5e313f4a4fcbe8a
SHA512f3396c44a356abe281df25c85b29f2e63d529ed11beeebb534f3b6579f339900b0f16fa457b3f79ddad18ff196c4eb5112c670ec0893cc1605ffac31332139ec
-
Filesize
72KB
MD516a77d344a07da335022d1fef0f2e00f
SHA1ee224c3dce12d21c59b66878aae5993b7ae31751
SHA2565328ac0423f3ba42a9bd155aa1c85344b301e684d3ee931ad5e313f4a4fcbe8a
SHA512f3396c44a356abe281df25c85b29f2e63d529ed11beeebb534f3b6579f339900b0f16fa457b3f79ddad18ff196c4eb5112c670ec0893cc1605ffac31332139ec
-
Filesize
72KB
MD5361a3263ab031f13803995549d44a714
SHA1da27db3c3ce2de00226bf10b108e95da0fad7f40
SHA2563dbb65d06201048019c7bcca2628224ec415c0c35b687b81f4cb2efd959403c3
SHA512250f16448e4414f268e70d63d8893dd9508b7acd622e31a30aad9636b6074126a5fd339aeb74d63d4c357f22aa8301104dc409d637e41e517d38097ec454dc0e
-
Filesize
72KB
MD5361a3263ab031f13803995549d44a714
SHA1da27db3c3ce2de00226bf10b108e95da0fad7f40
SHA2563dbb65d06201048019c7bcca2628224ec415c0c35b687b81f4cb2efd959403c3
SHA512250f16448e4414f268e70d63d8893dd9508b7acd622e31a30aad9636b6074126a5fd339aeb74d63d4c357f22aa8301104dc409d637e41e517d38097ec454dc0e
-
Filesize
72KB
MD5350af5deaf4d76983dafe595334ea613
SHA12bb030e9dbfddef5b826b58ad40f4638cfdea352
SHA25692d142cf4e6d448e3b72c502f0f5e2ed587c35d7c600df509242c30f19565667
SHA512fd8128b7ee86fc54f7cf0399a6487bacfb1c3776822839422767a1b54c8a37d0b348fcd28de0affafabd310d81ec3f92960282c33318a34b4c92023b5e152894
-
Filesize
72KB
MD5350af5deaf4d76983dafe595334ea613
SHA12bb030e9dbfddef5b826b58ad40f4638cfdea352
SHA25692d142cf4e6d448e3b72c502f0f5e2ed587c35d7c600df509242c30f19565667
SHA512fd8128b7ee86fc54f7cf0399a6487bacfb1c3776822839422767a1b54c8a37d0b348fcd28de0affafabd310d81ec3f92960282c33318a34b4c92023b5e152894