Analysis
-
max time kernel
75s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
03-12-2022 16:54
General
-
Target
9cad27b72736424d15d4030aa9531671a780a89fcc9f703cc85d7fad4b229d28.exe
-
Size
72KB
-
MD5
0951260ee922038f8989191c7923de72
-
SHA1
c93047b8ee590e5fa666d8250bd69b67dacde867
-
SHA256
9cad27b72736424d15d4030aa9531671a780a89fcc9f703cc85d7fad4b229d28
-
SHA512
bf215dd2beeb1f893e9e96a597262a319f5c0b5b9f4a158bd1bfaf3cbbe378a91f507f292be0a9779c10379af220b012cd790a76083641280382bf6795187e12
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2Q:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPE
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 58 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 63 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 52 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 63 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9cad27b72736424d15d4030aa9531671a780a89fcc9f703cc85d7fad4b229d28.exe"C:\Users\Admin\AppData\Local\Temp\9cad27b72736424d15d4030aa9531671a780a89fcc9f703cc85d7fad4b229d28.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\4052809933\backup.exeC:\Users\Admin\AppData\Local\Temp\4052809933\backup.exe C:\Users\Admin\AppData\Local\Temp\4052809933\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
-
-
C:\Program Files\Common Files\Services\System Restore.exe"C:\Program Files\Common Files\Services\System Restore.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Executes dropped EXE
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\System Restore.exe"C:\Program Files\Java\System Restore.exe" C:\Program Files\Java\5⤵
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe AIR\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Office\System Restore.exe"C:\Program Files (x86)\Microsoft Office\System Restore.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5c390b1a13d3b8a3758d89e17ae28b931
SHA13d9a2294290d40b2f8582dc71866c21a91354fe1
SHA25699762b54e844f697b33d6a42b50f705a1ce22357b5e193c825cd8aa87ac26757
SHA512e83a4b3f7f8e0174f210f42a21c7ab98f052e20a60ad4e820d96b537c1c4f7e405ae827022249a097199131982720d9aaaa8b38b94b2187de1b4706ed5467548
-
Filesize
72KB
MD5c526c199686fc76dfc0b611f7432f58e
SHA1e75046a4b74a4442b92c88870a9ba362e5ca2d13
SHA256638697bdf612fe7c53f53d3ab0ce3babbefc4049c3ae6368cc90208553d5bb5c
SHA5123fe0db9d1293231d5a898e302ef2cffd3d2f6e13aeb98e341e659b5d1e11e0428d5c606e495d8e4eb7fa146b04245f0eeab3bd87d94b2020099da5a333d5d24a
-
Filesize
72KB
MD5c526c199686fc76dfc0b611f7432f58e
SHA1e75046a4b74a4442b92c88870a9ba362e5ca2d13
SHA256638697bdf612fe7c53f53d3ab0ce3babbefc4049c3ae6368cc90208553d5bb5c
SHA5123fe0db9d1293231d5a898e302ef2cffd3d2f6e13aeb98e341e659b5d1e11e0428d5c606e495d8e4eb7fa146b04245f0eeab3bd87d94b2020099da5a333d5d24a
-
Filesize
72KB
MD561b9f4f7586303a57dd0be2b900af5b2
SHA12667e3a58c936753a88370306eb36e799df3642a
SHA2562a0c10522114a8f353c414baf2f2495fb73795390078bacebc9c9f0eb56b09de
SHA512403a7c08cc35aafc6c9089c3d246f9cdf95f5d8a4f13b555f28d9e09c18fc93a2b5afc50626fbd2f0c61d01364f8e6645510a122d6d97b9b75167ba0189ba7bb
-
Filesize
72KB
MD5a19fdc37381d57066464de7b3d72f858
SHA12a3d040af19c7021dc5d031d05b52a50613c5a1e
SHA2569b63af01ef4df511f242889a81e47ad1535b0982ba40283e90359f7f0e0486dd
SHA5122fefdc3bd7c427fd9276ddf45827fc39ecbaae364b0fde102acf3ea96ab5b0e22668fb26b255e6ba16d335a7c9dc9f1073ac97b34d64924557cfa8f316f55092
-
Filesize
72KB
MD5a19fdc37381d57066464de7b3d72f858
SHA12a3d040af19c7021dc5d031d05b52a50613c5a1e
SHA2569b63af01ef4df511f242889a81e47ad1535b0982ba40283e90359f7f0e0486dd
SHA5122fefdc3bd7c427fd9276ddf45827fc39ecbaae364b0fde102acf3ea96ab5b0e22668fb26b255e6ba16d335a7c9dc9f1073ac97b34d64924557cfa8f316f55092
-
Filesize
72KB
MD56e92626b03dd4217ce7a4d49384a6a0c
SHA1c54dc0c36080eefc8ae02089f95015ca60b99682
SHA256d7764b2078d07bd22e45d3fcd2a2dfe9fd65427383351aad8a9687f7fc55d830
SHA512b6059143bdbb9f23d4bdb5cb78088a5b21d6a33471f95bebb8cafbd5402bfa7f33d1924c37520c9b431089ee506036dd71fbb2e2d8c751ba481d40a43890f452
-
Filesize
72KB
MD56e92626b03dd4217ce7a4d49384a6a0c
SHA1c54dc0c36080eefc8ae02089f95015ca60b99682
SHA256d7764b2078d07bd22e45d3fcd2a2dfe9fd65427383351aad8a9687f7fc55d830
SHA512b6059143bdbb9f23d4bdb5cb78088a5b21d6a33471f95bebb8cafbd5402bfa7f33d1924c37520c9b431089ee506036dd71fbb2e2d8c751ba481d40a43890f452
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD55f07f5295091b1cc3c0b717ebd11265e
SHA1e45fa5b137d4f377071bbec7b7b51c479299e6ff
SHA256ac6cd89f5709da18da241c59e05011033c4181b896e18fc5d852f984e8f4ca49
SHA5122205751191369b5eb48b7a60c759ceb9e0652f0ef073649c63b647b88242642e6219621b1944197dc1f15fd3d5636c927ce765a2719cdf6fd539845ec8b46ee9
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD58173093d1f0b1ec2ad2cb35fd2121521
SHA1af93219efe9c86d17497d29c41185acd021fff10
SHA256b43902cf4bdb3afc780a5d14e77873822f9fd8b503f0325fd34e0af791b6d0b2
SHA512107dda624974b959b9938b401f2ecfdeb619ffe340e851af739ad35c8686098928faa80c2127c64db24943fcbd2db0dd77ea02b0902dda82fba8eaa649d889e4
-
Filesize
72KB
MD58173093d1f0b1ec2ad2cb35fd2121521
SHA1af93219efe9c86d17497d29c41185acd021fff10
SHA256b43902cf4bdb3afc780a5d14e77873822f9fd8b503f0325fd34e0af791b6d0b2
SHA512107dda624974b959b9938b401f2ecfdeb619ffe340e851af739ad35c8686098928faa80c2127c64db24943fcbd2db0dd77ea02b0902dda82fba8eaa649d889e4
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD56dc41b56a3f47ae47f4860676d0f2f57
SHA16369eef8b375d0b5826e7b397f4d16f576b1c5d1
SHA2566ff664c9dd1bfd5e9a3c4f0dff6945b61b0b2f01d51cbd879709f9050a3e32c5
SHA5121cf1be9445fffbb85eeda1ee962ce9d841f2ff43c0782b34d901804aa295effd376e417b52724f5fb2d76fcba67699a5f90f654e99aa67c61a52c0bcfc394602
-
Filesize
72KB
MD5b25aca0fc800f2f7787e0fd2ee4b6870
SHA1bedbade031f2b6f2485b62e92010d490fb375825
SHA256acbd0b2239a3e09b6c70f981215a9c7fa8c31bfd9a39b796219e04f0e2d73f42
SHA5122bdb059e937dbbacd0ccd1d2bd22589e413f6b8b7f133bec3c6fe4d67b4c1f672c9ea3f90d7db06faf341b51fcbea307df8e2f96ea22721bfad211ec09acfb82
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD5b0f012cd549c65000121299bf7a19631
SHA17847f5524a4fc9fc7e525228e8d1c3211554caf8
SHA2568faf963976b12a5e04466d3e542149fb94d4323f956271c4c744be63a04cd9d9
SHA512a3c3b28b02dd2b745aa465d5e77073907429bd90997f4bac4fe58a3f2648b7c04c88c8b09442ed4848717dd8fe066597afbcbf9559013c14f0d60b79c30ac343
-
Filesize
72KB
MD59d8222125d55b5dcc43810d9b3e1cfe4
SHA1715a248e95abceed2055c412a4f8dc8a9011b940
SHA2561dd2132d0080132e243f3a378b409aaf55c6157b69544bdec3637edbafb4e5f1
SHA5127454f5d76bebd8fe4394c4f1d07b32a4bb0cffe8b1f5df42fb4209fe475fd2f30f7f08faf49f90de3baa7219bfdfd8d75f1eaabef36eafc3a75b0a12e57cb249
-
Filesize
72KB
MD59d8222125d55b5dcc43810d9b3e1cfe4
SHA1715a248e95abceed2055c412a4f8dc8a9011b940
SHA2561dd2132d0080132e243f3a378b409aaf55c6157b69544bdec3637edbafb4e5f1
SHA5127454f5d76bebd8fe4394c4f1d07b32a4bb0cffe8b1f5df42fb4209fe475fd2f30f7f08faf49f90de3baa7219bfdfd8d75f1eaabef36eafc3a75b0a12e57cb249
-
Filesize
72KB
MD5c390b1a13d3b8a3758d89e17ae28b931
SHA13d9a2294290d40b2f8582dc71866c21a91354fe1
SHA25699762b54e844f697b33d6a42b50f705a1ce22357b5e193c825cd8aa87ac26757
SHA512e83a4b3f7f8e0174f210f42a21c7ab98f052e20a60ad4e820d96b537c1c4f7e405ae827022249a097199131982720d9aaaa8b38b94b2187de1b4706ed5467548
-
Filesize
72KB
MD5c390b1a13d3b8a3758d89e17ae28b931
SHA13d9a2294290d40b2f8582dc71866c21a91354fe1
SHA25699762b54e844f697b33d6a42b50f705a1ce22357b5e193c825cd8aa87ac26757
SHA512e83a4b3f7f8e0174f210f42a21c7ab98f052e20a60ad4e820d96b537c1c4f7e405ae827022249a097199131982720d9aaaa8b38b94b2187de1b4706ed5467548
-
Filesize
72KB
MD5c526c199686fc76dfc0b611f7432f58e
SHA1e75046a4b74a4442b92c88870a9ba362e5ca2d13
SHA256638697bdf612fe7c53f53d3ab0ce3babbefc4049c3ae6368cc90208553d5bb5c
SHA5123fe0db9d1293231d5a898e302ef2cffd3d2f6e13aeb98e341e659b5d1e11e0428d5c606e495d8e4eb7fa146b04245f0eeab3bd87d94b2020099da5a333d5d24a
-
Filesize
72KB
MD5c526c199686fc76dfc0b611f7432f58e
SHA1e75046a4b74a4442b92c88870a9ba362e5ca2d13
SHA256638697bdf612fe7c53f53d3ab0ce3babbefc4049c3ae6368cc90208553d5bb5c
SHA5123fe0db9d1293231d5a898e302ef2cffd3d2f6e13aeb98e341e659b5d1e11e0428d5c606e495d8e4eb7fa146b04245f0eeab3bd87d94b2020099da5a333d5d24a
-
Filesize
72KB
MD561b9f4f7586303a57dd0be2b900af5b2
SHA12667e3a58c936753a88370306eb36e799df3642a
SHA2562a0c10522114a8f353c414baf2f2495fb73795390078bacebc9c9f0eb56b09de
SHA512403a7c08cc35aafc6c9089c3d246f9cdf95f5d8a4f13b555f28d9e09c18fc93a2b5afc50626fbd2f0c61d01364f8e6645510a122d6d97b9b75167ba0189ba7bb
-
Filesize
72KB
MD561b9f4f7586303a57dd0be2b900af5b2
SHA12667e3a58c936753a88370306eb36e799df3642a
SHA2562a0c10522114a8f353c414baf2f2495fb73795390078bacebc9c9f0eb56b09de
SHA512403a7c08cc35aafc6c9089c3d246f9cdf95f5d8a4f13b555f28d9e09c18fc93a2b5afc50626fbd2f0c61d01364f8e6645510a122d6d97b9b75167ba0189ba7bb
-
Filesize
72KB
MD5a19fdc37381d57066464de7b3d72f858
SHA12a3d040af19c7021dc5d031d05b52a50613c5a1e
SHA2569b63af01ef4df511f242889a81e47ad1535b0982ba40283e90359f7f0e0486dd
SHA5122fefdc3bd7c427fd9276ddf45827fc39ecbaae364b0fde102acf3ea96ab5b0e22668fb26b255e6ba16d335a7c9dc9f1073ac97b34d64924557cfa8f316f55092
-
Filesize
72KB
MD5a19fdc37381d57066464de7b3d72f858
SHA12a3d040af19c7021dc5d031d05b52a50613c5a1e
SHA2569b63af01ef4df511f242889a81e47ad1535b0982ba40283e90359f7f0e0486dd
SHA5122fefdc3bd7c427fd9276ddf45827fc39ecbaae364b0fde102acf3ea96ab5b0e22668fb26b255e6ba16d335a7c9dc9f1073ac97b34d64924557cfa8f316f55092
-
Filesize
72KB
MD56e92626b03dd4217ce7a4d49384a6a0c
SHA1c54dc0c36080eefc8ae02089f95015ca60b99682
SHA256d7764b2078d07bd22e45d3fcd2a2dfe9fd65427383351aad8a9687f7fc55d830
SHA512b6059143bdbb9f23d4bdb5cb78088a5b21d6a33471f95bebb8cafbd5402bfa7f33d1924c37520c9b431089ee506036dd71fbb2e2d8c751ba481d40a43890f452
-
Filesize
72KB
MD56e92626b03dd4217ce7a4d49384a6a0c
SHA1c54dc0c36080eefc8ae02089f95015ca60b99682
SHA256d7764b2078d07bd22e45d3fcd2a2dfe9fd65427383351aad8a9687f7fc55d830
SHA512b6059143bdbb9f23d4bdb5cb78088a5b21d6a33471f95bebb8cafbd5402bfa7f33d1924c37520c9b431089ee506036dd71fbb2e2d8c751ba481d40a43890f452
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD55f07f5295091b1cc3c0b717ebd11265e
SHA1e45fa5b137d4f377071bbec7b7b51c479299e6ff
SHA256ac6cd89f5709da18da241c59e05011033c4181b896e18fc5d852f984e8f4ca49
SHA5122205751191369b5eb48b7a60c759ceb9e0652f0ef073649c63b647b88242642e6219621b1944197dc1f15fd3d5636c927ce765a2719cdf6fd539845ec8b46ee9
-
Filesize
72KB
MD55f07f5295091b1cc3c0b717ebd11265e
SHA1e45fa5b137d4f377071bbec7b7b51c479299e6ff
SHA256ac6cd89f5709da18da241c59e05011033c4181b896e18fc5d852f984e8f4ca49
SHA5122205751191369b5eb48b7a60c759ceb9e0652f0ef073649c63b647b88242642e6219621b1944197dc1f15fd3d5636c927ce765a2719cdf6fd539845ec8b46ee9
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD588cc552aecd53f82adb7956d26fe79e5
SHA1283952c791f20c325210e2440618c88ed086c77b
SHA256259f48d95ea99386b70c4e493d78740b738f60fadadabb86da0d6d5231414c56
SHA512a246aff2dcb882a063d5a19f4ecab5de8dd59be36660e5b9cc148879c82bd46d355e9f21cd79bbfd726e014ba462158b14a44912dc62fb96a89881182398501c
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD56101dcc6d16b6ddcf466b1be28ec95f2
SHA1ed3f0fb1022231c56873715a2ae026042cf13f4c
SHA256f384fe0b67eb5ed679780511ed4bf58bd5171d66320cd128b8695eaffbf1d3f0
SHA512772845317aac5a351f172a849debfa1f9bef4aa0362c1b00b463f4462f9041cb4b3a0eb4007bdaeb8bd443cbe46c7857c8f3d05b15bd951d17f9241be9d73125
-
Filesize
72KB
MD58173093d1f0b1ec2ad2cb35fd2121521
SHA1af93219efe9c86d17497d29c41185acd021fff10
SHA256b43902cf4bdb3afc780a5d14e77873822f9fd8b503f0325fd34e0af791b6d0b2
SHA512107dda624974b959b9938b401f2ecfdeb619ffe340e851af739ad35c8686098928faa80c2127c64db24943fcbd2db0dd77ea02b0902dda82fba8eaa649d889e4
-
Filesize
72KB
MD58173093d1f0b1ec2ad2cb35fd2121521
SHA1af93219efe9c86d17497d29c41185acd021fff10
SHA256b43902cf4bdb3afc780a5d14e77873822f9fd8b503f0325fd34e0af791b6d0b2
SHA512107dda624974b959b9938b401f2ecfdeb619ffe340e851af739ad35c8686098928faa80c2127c64db24943fcbd2db0dd77ea02b0902dda82fba8eaa649d889e4
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD56dc41b56a3f47ae47f4860676d0f2f57
SHA16369eef8b375d0b5826e7b397f4d16f576b1c5d1
SHA2566ff664c9dd1bfd5e9a3c4f0dff6945b61b0b2f01d51cbd879709f9050a3e32c5
SHA5121cf1be9445fffbb85eeda1ee962ce9d841f2ff43c0782b34d901804aa295effd376e417b52724f5fb2d76fcba67699a5f90f654e99aa67c61a52c0bcfc394602
-
Filesize
72KB
MD56dc41b56a3f47ae47f4860676d0f2f57
SHA16369eef8b375d0b5826e7b397f4d16f576b1c5d1
SHA2566ff664c9dd1bfd5e9a3c4f0dff6945b61b0b2f01d51cbd879709f9050a3e32c5
SHA5121cf1be9445fffbb85eeda1ee962ce9d841f2ff43c0782b34d901804aa295effd376e417b52724f5fb2d76fcba67699a5f90f654e99aa67c61a52c0bcfc394602
-
Filesize
72KB
MD5b25aca0fc800f2f7787e0fd2ee4b6870
SHA1bedbade031f2b6f2485b62e92010d490fb375825
SHA256acbd0b2239a3e09b6c70f981215a9c7fa8c31bfd9a39b796219e04f0e2d73f42
SHA5122bdb059e937dbbacd0ccd1d2bd22589e413f6b8b7f133bec3c6fe4d67b4c1f672c9ea3f90d7db06faf341b51fcbea307df8e2f96ea22721bfad211ec09acfb82
-
Filesize
72KB
MD5b25aca0fc800f2f7787e0fd2ee4b6870
SHA1bedbade031f2b6f2485b62e92010d490fb375825
SHA256acbd0b2239a3e09b6c70f981215a9c7fa8c31bfd9a39b796219e04f0e2d73f42
SHA5122bdb059e937dbbacd0ccd1d2bd22589e413f6b8b7f133bec3c6fe4d67b4c1f672c9ea3f90d7db06faf341b51fcbea307df8e2f96ea22721bfad211ec09acfb82
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD59df23aafadec91390d36f82c33c8b10c
SHA14e221860e177ac52e6a0a3df27705dbd47026d07
SHA256ce22e117c170252309cc1186164c07130c0ce513d243abb23544a4a685f866c0
SHA5124328a62fca3992565beb15702bfb2d564676942c6da4b2342d4e380b5b3d59abedd147327c9ab87532ffa1b0afeb69ef2b7cd26427d4513665f57a3856fe4907
-
Filesize
72KB
MD5b0f012cd549c65000121299bf7a19631
SHA17847f5524a4fc9fc7e525228e8d1c3211554caf8
SHA2568faf963976b12a5e04466d3e542149fb94d4323f956271c4c744be63a04cd9d9
SHA512a3c3b28b02dd2b745aa465d5e77073907429bd90997f4bac4fe58a3f2648b7c04c88c8b09442ed4848717dd8fe066597afbcbf9559013c14f0d60b79c30ac343
-
Filesize
72KB
MD5b0f012cd549c65000121299bf7a19631
SHA17847f5524a4fc9fc7e525228e8d1c3211554caf8
SHA2568faf963976b12a5e04466d3e542149fb94d4323f956271c4c744be63a04cd9d9
SHA512a3c3b28b02dd2b745aa465d5e77073907429bd90997f4bac4fe58a3f2648b7c04c88c8b09442ed4848717dd8fe066597afbcbf9559013c14f0d60b79c30ac343
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
8KB
-
-
-
-
-
-
-
-
-
-
-
-
-