Analysis
-
max time kernel
115s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
05-12-2022 19:06
General
-
Target
c74fef34dcc5561a9491e9c0688b4f7fca34d44bd78bcd4c818b230bf277715d.exe
-
Size
72KB
-
MD5
08f9e4b192762d633497f593dc37069d
-
SHA1
1f9ca6850bd89736ed7fde20bbb86fd7157d6dc2
-
SHA256
c74fef34dcc5561a9491e9c0688b4f7fca34d44bd78bcd4c818b230bf277715d
-
SHA512
b9f8daf2c16eee3fdccd23ea4ac1ed0831522ef504ebb9191ad816a5c7f59c7611ce135b020f996d028183372d524505fc41c7eee5881aed3a87913cf5539670
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf23:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPj
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c74fef34dcc5561a9491e9c0688b4f7fca34d44bd78bcd4c818b230bf277715d.exe"C:\Users\Admin\AppData\Local\Temp\c74fef34dcc5561a9491e9c0688b4f7fca34d44bd78bcd4c818b230bf277715d.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2417700346\backup.exeC:\Users\Admin\AppData\Local\Temp\2417700346\backup.exe C:\Users\Admin\AppData\Local\Temp\2417700346\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\data.exeC:\PerfLogs\data.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\update.exe"C:\Program Files\7-Zip\update.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
-
-
C:\Program Files\DVD Maker\update.exe"C:\Program Files\DVD Maker\update.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\data.exe"C:\Program Files\DVD Maker\fr-FR\data.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\update.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\update.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5c783bdfb4e71a95338ddb52d50957074
SHA18a847553ce98055b6dd6600ab8fb449c7e4cefcd
SHA256c0779358e5a42badc1a51bfc30f318b701a7d41793892f1923f74b6e7ea33c6a
SHA5120b740f8479d42f93a79421fed4aeda7f8cd634f280629b252c571bd124c5559322f501b8877ad4c3f036f3eacf76874f8aff0cca85fac7726a637b77f470ab6e
-
Filesize
72KB
MD5da67eef1aee6bfaf0cf7769ca012b349
SHA1e9cba605d5720eec6385247b748d51f7a94db12b
SHA2565b5231fe99a3d3f1d7f316a37761a47580b11c86e7b7de1eb332ed996b094c21
SHA512a56a7b84a63242aedfcfa88cef4e20a9ccb4552f22ac12941cb7621f30d36c4f18efb79f7101029c95cff837acadcd4a9484e6bfc81745e96d3e828c9447c076
-
Filesize
72KB
MD5da67eef1aee6bfaf0cf7769ca012b349
SHA1e9cba605d5720eec6385247b748d51f7a94db12b
SHA2565b5231fe99a3d3f1d7f316a37761a47580b11c86e7b7de1eb332ed996b094c21
SHA512a56a7b84a63242aedfcfa88cef4e20a9ccb4552f22ac12941cb7621f30d36c4f18efb79f7101029c95cff837acadcd4a9484e6bfc81745e96d3e828c9447c076
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD546133f9a726e63f4d0597812a7de01a5
SHA163cd2e77d35845e1cd6f158717540a9daca3dfb4
SHA256ff2fb12c87dd2799db5affda93279ea4162cdfa6f10f78b15d43953208c09f19
SHA51269318b8a0a4b3480628e9939a63448148e1eea87de151af60cb035cd97af84045adfd89a625a64b16d36b5a6b6ed621b0fd9ace11a35549cf1dcb7cde7fcc323
-
Filesize
72KB
MD5a26a517b8f2289a70452bdfdf002e962
SHA10087e8a2de2622b7a8b5cc597824d781faefbc2d
SHA256637949237a6f9d34d72b0c61f5d52ff5d88436a1ab2170ea6ecfee274c2a51ec
SHA51214dde59c9a56cecb38433e49f48a37522e29bc07e6e58733d0fa7df74c582c2e12c0a6397232165fba6718883a5cd150d212eb092c120a485c75a4debaac6a6f
-
Filesize
72KB
MD5a26a517b8f2289a70452bdfdf002e962
SHA10087e8a2de2622b7a8b5cc597824d781faefbc2d
SHA256637949237a6f9d34d72b0c61f5d52ff5d88436a1ab2170ea6ecfee274c2a51ec
SHA51214dde59c9a56cecb38433e49f48a37522e29bc07e6e58733d0fa7df74c582c2e12c0a6397232165fba6718883a5cd150d212eb092c120a485c75a4debaac6a6f
-
Filesize
72KB
MD50a304173a3b7a4f6f3f6b723ec826193
SHA170bb24b0f2b63c36626c36d878bc6d3bc1bc7cb2
SHA256bb1b80eccf4e61d449f7ceb5b420c5b15651ea6f36ed67c31d22283bd74687f5
SHA512e67541cf38eee294f5125643eee8c4ed2cbcfd090febf89e5a877bef05009c5764b112f91e9d9e6b17e56ef8342d845058fdd8bb926c1f26906358b0d94a0f11
-
Filesize
72KB
MD50a304173a3b7a4f6f3f6b723ec826193
SHA170bb24b0f2b63c36626c36d878bc6d3bc1bc7cb2
SHA256bb1b80eccf4e61d449f7ceb5b420c5b15651ea6f36ed67c31d22283bd74687f5
SHA512e67541cf38eee294f5125643eee8c4ed2cbcfd090febf89e5a877bef05009c5764b112f91e9d9e6b17e56ef8342d845058fdd8bb926c1f26906358b0d94a0f11
-
Filesize
72KB
MD56deb282bb481b8eead7ffd908c988856
SHA1c381c888b6a186c393c4f328c34a12c7383120fc
SHA256997670e297a422095fad460c9ac48f0fde2b823bbc11f900a5f9e54005fd732d
SHA5128e7c1fa0be564229929dadc6160ff67a41a4be082d943f26524f1bf56e31a3b68e9ba1874b692d0faf72116d40c045a48561bfa3caac0e930f4d2d7f72f76657
-
Filesize
72KB
MD56deb282bb481b8eead7ffd908c988856
SHA1c381c888b6a186c393c4f328c34a12c7383120fc
SHA256997670e297a422095fad460c9ac48f0fde2b823bbc11f900a5f9e54005fd732d
SHA5128e7c1fa0be564229929dadc6160ff67a41a4be082d943f26524f1bf56e31a3b68e9ba1874b692d0faf72116d40c045a48561bfa3caac0e930f4d2d7f72f76657
-
Filesize
72KB
MD5decefb9e668cf15f6bb3a0e2f1280b16
SHA1a1237c18c224d104b5578b504f21fa6f52f86471
SHA256b82ebdef155d05f8fd152d26718cc77a6f7450f27d211bc469b9b1e1e2e861aa
SHA512cc665109bd5b71fc55e8a8d323f06ffb7e5398722845c3905ece0ffe62d07ee880f3875760c1e9a337e934eb7808bbc8f26a8c7972a2c6cc7588b1ba078c39a2
-
Filesize
72KB
MD5decefb9e668cf15f6bb3a0e2f1280b16
SHA1a1237c18c224d104b5578b504f21fa6f52f86471
SHA256b82ebdef155d05f8fd152d26718cc77a6f7450f27d211bc469b9b1e1e2e861aa
SHA512cc665109bd5b71fc55e8a8d323f06ffb7e5398722845c3905ece0ffe62d07ee880f3875760c1e9a337e934eb7808bbc8f26a8c7972a2c6cc7588b1ba078c39a2
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD51c6e17aec00385b88e878b0f4ef60fdf
SHA1989714eb603429ccfe02532eae4ad688d10b1532
SHA256c7120ffe387384490eead7820c647f62ee88ff23a16bed2b4a4b3f6af26d5e1d
SHA51223494d0c6d2742c207e540b6e68323fef3d96149bc3baf4605703ae476bda03146a27024278fc98dca1af607970b955990f36bd057da560676c8f0888e0528c0
-
Filesize
72KB
MD5833d0dff4ce985070384805e1bb8a743
SHA1e6b80d3abe7ebc87b83703d0c05ab30d731699a9
SHA2565dc9e490c5f037ab3b0f79d54906b04184a9b7cec8c1fac0141a2ad6aad438f5
SHA512079fbd47eb843d07f32a5ccdba80186ba1685a419b254df8c3d88e1defccc4e16a6870c9e817770561be14e27b54e09323e56a42c7ebb7e12620e7cd3c971b23
-
Filesize
72KB
MD59175698f7a0295f5b57f47da77e818c5
SHA19bd860d1be66420f7c054f3a62c11c9c23fa0f97
SHA2561869e55a48b11a764aedaca137ae8c44db60807b919a306d599272222a73da32
SHA512736f5963e0fc617eaf409ec10f56de51fbe9221f971c5b056312d76daa47c7f0ea20bffe2bf7d77648348ae0b6f33f206c63eb6ecdc23d70c1267563f47f054a
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
72KB
MD5bf08ad9dc3fcab46897a4022f555fefe
SHA13dbc9c23fc287dcdc12e4b8f01c20bc8cad6c421
SHA256fce39de1802c47fb6fe1f7d2e15bcbc4313558172cdce0fb0679be31cd4e97a1
SHA512800371b5fffee9499c4300348ff543b213862d2cc9e8436b8c09bbbe1957f2150ff26f1dab26676e9141354d777daadff8ccce74c84187e73c0152b01a146358
-
Filesize
72KB
MD5bf08ad9dc3fcab46897a4022f555fefe
SHA13dbc9c23fc287dcdc12e4b8f01c20bc8cad6c421
SHA256fce39de1802c47fb6fe1f7d2e15bcbc4313558172cdce0fb0679be31cd4e97a1
SHA512800371b5fffee9499c4300348ff543b213862d2cc9e8436b8c09bbbe1957f2150ff26f1dab26676e9141354d777daadff8ccce74c84187e73c0152b01a146358
-
Filesize
72KB
MD5c783bdfb4e71a95338ddb52d50957074
SHA18a847553ce98055b6dd6600ab8fb449c7e4cefcd
SHA256c0779358e5a42badc1a51bfc30f318b701a7d41793892f1923f74b6e7ea33c6a
SHA5120b740f8479d42f93a79421fed4aeda7f8cd634f280629b252c571bd124c5559322f501b8877ad4c3f036f3eacf76874f8aff0cca85fac7726a637b77f470ab6e
-
Filesize
72KB
MD5c783bdfb4e71a95338ddb52d50957074
SHA18a847553ce98055b6dd6600ab8fb449c7e4cefcd
SHA256c0779358e5a42badc1a51bfc30f318b701a7d41793892f1923f74b6e7ea33c6a
SHA5120b740f8479d42f93a79421fed4aeda7f8cd634f280629b252c571bd124c5559322f501b8877ad4c3f036f3eacf76874f8aff0cca85fac7726a637b77f470ab6e
-
Filesize
72KB
MD5da67eef1aee6bfaf0cf7769ca012b349
SHA1e9cba605d5720eec6385247b748d51f7a94db12b
SHA2565b5231fe99a3d3f1d7f316a37761a47580b11c86e7b7de1eb332ed996b094c21
SHA512a56a7b84a63242aedfcfa88cef4e20a9ccb4552f22ac12941cb7621f30d36c4f18efb79f7101029c95cff837acadcd4a9484e6bfc81745e96d3e828c9447c076
-
Filesize
72KB
MD5da67eef1aee6bfaf0cf7769ca012b349
SHA1e9cba605d5720eec6385247b748d51f7a94db12b
SHA2565b5231fe99a3d3f1d7f316a37761a47580b11c86e7b7de1eb332ed996b094c21
SHA512a56a7b84a63242aedfcfa88cef4e20a9ccb4552f22ac12941cb7621f30d36c4f18efb79f7101029c95cff837acadcd4a9484e6bfc81745e96d3e828c9447c076
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5c32c395ef50b632f82ed0484ccd2420a
SHA100d8f2a43a9b0851eb8922d6795b073d0e8c22df
SHA2566abf0d0b97dc3748c22ca68663dc9288ee23cbdef59ea00085ef447dd11bffa4
SHA512acbeea758b46cf720249954baab5cb26eb1997b8d763615c4fbada24d6ecca793de9c5afc27a4a5dba83b65592090a6ef4510c5b86839b68afcb8d4cd8c56f11
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD5b40e1cd6b4c4e0f8ad267f4fa92ec6ec
SHA1150dc2b30f8076efd9daa4f3dd4109b5515ac95f
SHA2568cc0bbbb7228bb2f70ee7315ccf39e4dd7de104f0cabe6bcafa1d2a99fd101f3
SHA51273351174376b9815a7820133709d8c176ae01176cb342416496a656467c4be035b3ee88fa39030c37bd83967b4328780e25a094645ff3069eb34f390a5b0dec9
-
Filesize
72KB
MD546133f9a726e63f4d0597812a7de01a5
SHA163cd2e77d35845e1cd6f158717540a9daca3dfb4
SHA256ff2fb12c87dd2799db5affda93279ea4162cdfa6f10f78b15d43953208c09f19
SHA51269318b8a0a4b3480628e9939a63448148e1eea87de151af60cb035cd97af84045adfd89a625a64b16d36b5a6b6ed621b0fd9ace11a35549cf1dcb7cde7fcc323
-
Filesize
72KB
MD546133f9a726e63f4d0597812a7de01a5
SHA163cd2e77d35845e1cd6f158717540a9daca3dfb4
SHA256ff2fb12c87dd2799db5affda93279ea4162cdfa6f10f78b15d43953208c09f19
SHA51269318b8a0a4b3480628e9939a63448148e1eea87de151af60cb035cd97af84045adfd89a625a64b16d36b5a6b6ed621b0fd9ace11a35549cf1dcb7cde7fcc323
-
Filesize
72KB
MD5a26a517b8f2289a70452bdfdf002e962
SHA10087e8a2de2622b7a8b5cc597824d781faefbc2d
SHA256637949237a6f9d34d72b0c61f5d52ff5d88436a1ab2170ea6ecfee274c2a51ec
SHA51214dde59c9a56cecb38433e49f48a37522e29bc07e6e58733d0fa7df74c582c2e12c0a6397232165fba6718883a5cd150d212eb092c120a485c75a4debaac6a6f
-
Filesize
72KB
MD5a26a517b8f2289a70452bdfdf002e962
SHA10087e8a2de2622b7a8b5cc597824d781faefbc2d
SHA256637949237a6f9d34d72b0c61f5d52ff5d88436a1ab2170ea6ecfee274c2a51ec
SHA51214dde59c9a56cecb38433e49f48a37522e29bc07e6e58733d0fa7df74c582c2e12c0a6397232165fba6718883a5cd150d212eb092c120a485c75a4debaac6a6f
-
Filesize
72KB
MD5b8929fe96334f156d576a900750a191b
SHA1ff1ecabaf755b5044403684b17b109b11acf820c
SHA256d34bd78eb3e7f328fa6928818b6734d03927de7bcb4cb2ec86de33e55ba7a159
SHA5121176d6235960f80140a1504c641fe73bcb5cf84d1cf2ea80f03cda080a690a1cafa6ec634992929b022a9a7e11f33db0a71bb0af51be84ccf9b42fd4ec612a3b
-
Filesize
72KB
MD5b8929fe96334f156d576a900750a191b
SHA1ff1ecabaf755b5044403684b17b109b11acf820c
SHA256d34bd78eb3e7f328fa6928818b6734d03927de7bcb4cb2ec86de33e55ba7a159
SHA5121176d6235960f80140a1504c641fe73bcb5cf84d1cf2ea80f03cda080a690a1cafa6ec634992929b022a9a7e11f33db0a71bb0af51be84ccf9b42fd4ec612a3b
-
Filesize
72KB
MD50a304173a3b7a4f6f3f6b723ec826193
SHA170bb24b0f2b63c36626c36d878bc6d3bc1bc7cb2
SHA256bb1b80eccf4e61d449f7ceb5b420c5b15651ea6f36ed67c31d22283bd74687f5
SHA512e67541cf38eee294f5125643eee8c4ed2cbcfd090febf89e5a877bef05009c5764b112f91e9d9e6b17e56ef8342d845058fdd8bb926c1f26906358b0d94a0f11
-
Filesize
72KB
MD50a304173a3b7a4f6f3f6b723ec826193
SHA170bb24b0f2b63c36626c36d878bc6d3bc1bc7cb2
SHA256bb1b80eccf4e61d449f7ceb5b420c5b15651ea6f36ed67c31d22283bd74687f5
SHA512e67541cf38eee294f5125643eee8c4ed2cbcfd090febf89e5a877bef05009c5764b112f91e9d9e6b17e56ef8342d845058fdd8bb926c1f26906358b0d94a0f11
-
Filesize
72KB
MD56deb282bb481b8eead7ffd908c988856
SHA1c381c888b6a186c393c4f328c34a12c7383120fc
SHA256997670e297a422095fad460c9ac48f0fde2b823bbc11f900a5f9e54005fd732d
SHA5128e7c1fa0be564229929dadc6160ff67a41a4be082d943f26524f1bf56e31a3b68e9ba1874b692d0faf72116d40c045a48561bfa3caac0e930f4d2d7f72f76657
-
Filesize
72KB
MD56deb282bb481b8eead7ffd908c988856
SHA1c381c888b6a186c393c4f328c34a12c7383120fc
SHA256997670e297a422095fad460c9ac48f0fde2b823bbc11f900a5f9e54005fd732d
SHA5128e7c1fa0be564229929dadc6160ff67a41a4be082d943f26524f1bf56e31a3b68e9ba1874b692d0faf72116d40c045a48561bfa3caac0e930f4d2d7f72f76657
-
Filesize
72KB
MD5decefb9e668cf15f6bb3a0e2f1280b16
SHA1a1237c18c224d104b5578b504f21fa6f52f86471
SHA256b82ebdef155d05f8fd152d26718cc77a6f7450f27d211bc469b9b1e1e2e861aa
SHA512cc665109bd5b71fc55e8a8d323f06ffb7e5398722845c3905ece0ffe62d07ee880f3875760c1e9a337e934eb7808bbc8f26a8c7972a2c6cc7588b1ba078c39a2
-
Filesize
72KB
MD5decefb9e668cf15f6bb3a0e2f1280b16
SHA1a1237c18c224d104b5578b504f21fa6f52f86471
SHA256b82ebdef155d05f8fd152d26718cc77a6f7450f27d211bc469b9b1e1e2e861aa
SHA512cc665109bd5b71fc55e8a8d323f06ffb7e5398722845c3905ece0ffe62d07ee880f3875760c1e9a337e934eb7808bbc8f26a8c7972a2c6cc7588b1ba078c39a2
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD51c6e17aec00385b88e878b0f4ef60fdf
SHA1989714eb603429ccfe02532eae4ad688d10b1532
SHA256c7120ffe387384490eead7820c647f62ee88ff23a16bed2b4a4b3f6af26d5e1d
SHA51223494d0c6d2742c207e540b6e68323fef3d96149bc3baf4605703ae476bda03146a27024278fc98dca1af607970b955990f36bd057da560676c8f0888e0528c0
-
Filesize
72KB
MD51c6e17aec00385b88e878b0f4ef60fdf
SHA1989714eb603429ccfe02532eae4ad688d10b1532
SHA256c7120ffe387384490eead7820c647f62ee88ff23a16bed2b4a4b3f6af26d5e1d
SHA51223494d0c6d2742c207e540b6e68323fef3d96149bc3baf4605703ae476bda03146a27024278fc98dca1af607970b955990f36bd057da560676c8f0888e0528c0
-
Filesize
72KB
MD5833d0dff4ce985070384805e1bb8a743
SHA1e6b80d3abe7ebc87b83703d0c05ab30d731699a9
SHA2565dc9e490c5f037ab3b0f79d54906b04184a9b7cec8c1fac0141a2ad6aad438f5
SHA512079fbd47eb843d07f32a5ccdba80186ba1685a419b254df8c3d88e1defccc4e16a6870c9e817770561be14e27b54e09323e56a42c7ebb7e12620e7cd3c971b23
-
Filesize
72KB
MD5833d0dff4ce985070384805e1bb8a743
SHA1e6b80d3abe7ebc87b83703d0c05ab30d731699a9
SHA2565dc9e490c5f037ab3b0f79d54906b04184a9b7cec8c1fac0141a2ad6aad438f5
SHA512079fbd47eb843d07f32a5ccdba80186ba1685a419b254df8c3d88e1defccc4e16a6870c9e817770561be14e27b54e09323e56a42c7ebb7e12620e7cd3c971b23
-
Filesize
72KB
MD59175698f7a0295f5b57f47da77e818c5
SHA19bd860d1be66420f7c054f3a62c11c9c23fa0f97
SHA2561869e55a48b11a764aedaca137ae8c44db60807b919a306d599272222a73da32
SHA512736f5963e0fc617eaf409ec10f56de51fbe9221f971c5b056312d76daa47c7f0ea20bffe2bf7d77648348ae0b6f33f206c63eb6ecdc23d70c1267563f47f054a
-
Filesize
72KB
MD59175698f7a0295f5b57f47da77e818c5
SHA19bd860d1be66420f7c054f3a62c11c9c23fa0f97
SHA2561869e55a48b11a764aedaca137ae8c44db60807b919a306d599272222a73da32
SHA512736f5963e0fc617eaf409ec10f56de51fbe9221f971c5b056312d76daa47c7f0ea20bffe2bf7d77648348ae0b6f33f206c63eb6ecdc23d70c1267563f47f054a
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD5c6ba5f91b1801478d0b84c858c1101ef
SHA132cb8fba749f3d75f61074c45f87bb400a8af64c
SHA256044672c1ce0d2d641d7ac7db3fe91ecbfcf6c3b86e58a1a71f14d4a9b963e460
SHA512b2b5f5097172f22c42a915c5a3ee712bab8a2cfd80c89ba60dcf633ff983c3798c32d9aa426fbd3ca91a05f339a109241dcc38b50ee6558e9c5e79c901c00261
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
72KB
MD540ab48ba5f325ebf49b42268e0c0cd11
SHA1c74f35d99b13c4d6ed467eae784796e611e01b9f
SHA25626d9efdbf0f75b8bd6fb0d29138d3fbc2a984cf726fa01da0ec937cd68b3c62e
SHA51243752b2d8910def824dba73f011b6408c4626831c458d3340e38d481219914f7f70375ceeee8c8976a80e713e06a8067b62880730ab2c5ffef0d3b066f1fffb5
-
Filesize
8KB
-
Filesize
8KB