Analysis
-
max time kernel
152s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
05-12-2022 19:37
General
-
Target
06e54b660af5df4fe48398bb644745da75ea2384c971ce499b479d9b3188453e.exe
-
Size
72KB
-
MD5
09175f3e3008c5efad642b75c3ceaa05
-
SHA1
e12159ebbf35cd1afe0a854fb54986779e53122c
-
SHA256
06e54b660af5df4fe48398bb644745da75ea2384c971ce499b479d9b3188453e
-
SHA512
920641674b6f5049ad676bb3f24a5c5964819d6a9210c36ccbe3cba982997ab7cbcebb5679863428ce770a8d4e74e319c3225902fc369fd06387af45ca2c0129
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2k:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPw
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06e54b660af5df4fe48398bb644745da75ea2384c971ce499b479d9b3188453e.exe"C:\Users\Admin\AppData\Local\Temp\06e54b660af5df4fe48398bb644745da75ea2384c971ce499b479d9b3188453e.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3627730807\backup.exeC:\Users\Admin\AppData\Local\Temp\3627730807\backup.exe C:\Users\Admin\AppData\Local\Temp\3627730807\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\7⤵
-
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
-
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\data.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\data.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\10⤵
-
-
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\Stationery\System Restore.exe"C:\Program Files\Common Files\microsoft shared\Stationery\System Restore.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\System Restore.exe"C:\Program Files\Common Files\System\ado\System Restore.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe"C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Executes dropped EXE
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\11⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\11⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\12⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- System policy modification
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\update.exe"C:\Program Files\Internet Explorer\de-DE\update.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
-
-
C:\Program Files\Java\jdk1.8.0_66\jre\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\jre\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\data.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\data.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
-
-
-
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
-
C:\Program Files\Microsoft Office\root\Integration\update.exe"C:\Program Files\Microsoft Office\root\Integration\update.exe" C:\Program Files\Microsoft Office\root\Integration\7⤵
-
-
-
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
- System policy modification
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
- System policy modification
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9FE34FF4-CC04-4D7E-96B4-2FFAA3FF5050}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- System policy modification
-
-
C:\Users\Admin\Videos\update.exeC:\Users\Admin\Videos\update.exe C:\Users\Admin\Videos\6⤵
- System policy modification
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- System policy modification
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\appcompat\update.exeC:\Windows\appcompat\update.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
-
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\apppatch\Custom\Custom64\update.exeC:\Windows\apppatch\Custom\Custom64\update.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\1⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\2⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD5cc290f4be677ae4c0d5ca0837b6ecd11
SHA195acff3c6bf703a18b0b21813f959280a2202fc6
SHA256f3a7494698fd86607df64955e8cca8a68d7e2e5feb7f72f106199bc5238e6156
SHA51212e398cb69982a01548b8dd0070eac10448120af74054ae6c85448390afb1711f186844bbb98c90c48e6f13bfb554f5b9877e9052c74d20370e9e20ddf7264f6
-
Filesize
72KB
MD5cc290f4be677ae4c0d5ca0837b6ecd11
SHA195acff3c6bf703a18b0b21813f959280a2202fc6
SHA256f3a7494698fd86607df64955e8cca8a68d7e2e5feb7f72f106199bc5238e6156
SHA51212e398cb69982a01548b8dd0070eac10448120af74054ae6c85448390afb1711f186844bbb98c90c48e6f13bfb554f5b9877e9052c74d20370e9e20ddf7264f6
-
Filesize
72KB
MD581d1d284eff0a2b93caa44d3dfeadd21
SHA1cdb6f2deb60749d5ba95a2f6f6e74c686560289d
SHA256a08e6349d9e95663e2671c65e5815aa4c499e7eed16664306f30378f7ae05300
SHA5127686cf5f3e510f20832b12c0133c9a57ec611fa8cfbc4eccf8e8fc03848acd2bedf1dd52d90e70b3dfd41842f4db477de99df27a4c88026ac63dc1ab09a78815
-
Filesize
72KB
MD581d1d284eff0a2b93caa44d3dfeadd21
SHA1cdb6f2deb60749d5ba95a2f6f6e74c686560289d
SHA256a08e6349d9e95663e2671c65e5815aa4c499e7eed16664306f30378f7ae05300
SHA5127686cf5f3e510f20832b12c0133c9a57ec611fa8cfbc4eccf8e8fc03848acd2bedf1dd52d90e70b3dfd41842f4db477de99df27a4c88026ac63dc1ab09a78815
-
Filesize
72KB
MD5e3866ab29f281f80b9fa771e959e41c8
SHA1817e198636dcb401cb2119336ccba7b48e3437f4
SHA2567d23e4ef2943e9e525bb93a0dc27697c8385fd9a00d4899c266dabc8515cbb1c
SHA5121aea88b495457ed3daa1502e9be1931b213e708e25b87099ccde9ecf0e1b39ccfffc2ba3688da1a7934ce2a45a12c5b030d4a6df2632bf17002a011167c5064b
-
Filesize
72KB
MD5e3866ab29f281f80b9fa771e959e41c8
SHA1817e198636dcb401cb2119336ccba7b48e3437f4
SHA2567d23e4ef2943e9e525bb93a0dc27697c8385fd9a00d4899c266dabc8515cbb1c
SHA5121aea88b495457ed3daa1502e9be1931b213e708e25b87099ccde9ecf0e1b39ccfffc2ba3688da1a7934ce2a45a12c5b030d4a6df2632bf17002a011167c5064b
-
Filesize
72KB
MD5cfc47f4b44ae22ef114f0ab445403ba2
SHA14d6e5ef8ac629c75640101a7789e86888b8f4bb3
SHA2566283e821fbe3db83e5bbf5e7427635a398f46341c0ebc42d8263ab1bfd506088
SHA512fc0e19447745593e38174a88e430b6d0a4cfd8c58c1915a7cfa596cf1075fb26bf3f0e5668165e1dda70e5194eb622cbbc74785ac69a2f0e06e566ce0b11034a
-
Filesize
72KB
MD5cfc47f4b44ae22ef114f0ab445403ba2
SHA14d6e5ef8ac629c75640101a7789e86888b8f4bb3
SHA2566283e821fbe3db83e5bbf5e7427635a398f46341c0ebc42d8263ab1bfd506088
SHA512fc0e19447745593e38174a88e430b6d0a4cfd8c58c1915a7cfa596cf1075fb26bf3f0e5668165e1dda70e5194eb622cbbc74785ac69a2f0e06e566ce0b11034a
-
Filesize
72KB
MD5f3297684a0e752a3eea5135eeb037938
SHA10e694e5b8a350c20d4537942a93d736fac728a19
SHA256c07ec192db4b07781179e0d68720cabf936f3eb06a76690ba996ece9faf2d18d
SHA5124bcecd710802cddf90b8ac838044c4a59e077d83eb1420f9ed160a03ad65988b29c9e24042e689e4f966f6356daeaa59bbeffa6e8916d6b80f697b4042dde4ac
-
Filesize
72KB
MD5f3297684a0e752a3eea5135eeb037938
SHA10e694e5b8a350c20d4537942a93d736fac728a19
SHA256c07ec192db4b07781179e0d68720cabf936f3eb06a76690ba996ece9faf2d18d
SHA5124bcecd710802cddf90b8ac838044c4a59e077d83eb1420f9ed160a03ad65988b29c9e24042e689e4f966f6356daeaa59bbeffa6e8916d6b80f697b4042dde4ac
-
Filesize
72KB
MD5f4ce4cc0245bae0622f897b226add84b
SHA15db6b56e70c4cc821e638ae2700eaa4b4cc116c6
SHA256c30dde3f739f30331d297ff9470ef3cf9fde5f83da0223cfffce86f428c41b02
SHA512712411a8955ed4493d5016f615903151bec4b986df72a53a9a1ae71a4530ee308e3e382ce5b9fa553258cfab3b82095e55179b99b424c1a96a4c6a129414eb19
-
Filesize
72KB
MD5f4ce4cc0245bae0622f897b226add84b
SHA15db6b56e70c4cc821e638ae2700eaa4b4cc116c6
SHA256c30dde3f739f30331d297ff9470ef3cf9fde5f83da0223cfffce86f428c41b02
SHA512712411a8955ed4493d5016f615903151bec4b986df72a53a9a1ae71a4530ee308e3e382ce5b9fa553258cfab3b82095e55179b99b424c1a96a4c6a129414eb19
-
Filesize
72KB
MD5ffdd14aa2348301ea608a746d7e37a3f
SHA10c70558d120404521b42cfd0d2da0772279201ff
SHA256b1507c4e9cafbd18912f061af27d2a9283be7a8148ef9e1945934eb9cc7334dd
SHA51257134be0fb83b74992ef6ec3be424d0d1af77b16dd6e3efd9a5d8b34a5da054b154be274bf965467f309344d18d7947bf59d36d2cb0f534f614eb15e135c1942
-
Filesize
72KB
MD5ffdd14aa2348301ea608a746d7e37a3f
SHA10c70558d120404521b42cfd0d2da0772279201ff
SHA256b1507c4e9cafbd18912f061af27d2a9283be7a8148ef9e1945934eb9cc7334dd
SHA51257134be0fb83b74992ef6ec3be424d0d1af77b16dd6e3efd9a5d8b34a5da054b154be274bf965467f309344d18d7947bf59d36d2cb0f534f614eb15e135c1942
-
Filesize
72KB
MD5e16bff992800e8fb34d6f0f03fdb0025
SHA1d209e80c9f1573460b8f696f2c7d589e0566d1ac
SHA2569ad280a2c357a06225737291c10c7f51bd3d4c6808362862b4c90b1a386ed2ae
SHA512f7e9536d7eeb69a91f69854744c7a248e3e82c7a37058dd6c894dca384795aa6ee8b99bf94983d2b1648c928287e9ab44bc393ac62c675750d62de83c3134437
-
Filesize
72KB
MD5e16bff992800e8fb34d6f0f03fdb0025
SHA1d209e80c9f1573460b8f696f2c7d589e0566d1ac
SHA2569ad280a2c357a06225737291c10c7f51bd3d4c6808362862b4c90b1a386ed2ae
SHA512f7e9536d7eeb69a91f69854744c7a248e3e82c7a37058dd6c894dca384795aa6ee8b99bf94983d2b1648c928287e9ab44bc393ac62c675750d62de83c3134437
-
Filesize
72KB
MD56f36afb358a832072c6eabc2d0891a81
SHA138fe98966bfc1614dfb51212e631a8c1b2947acd
SHA256a6a237bc6cbaf8f24325d115213d2678d5c614cc0c276b794f3260b09f4d32fa
SHA512f8dedd7d32836df2564ff8b29b71da2e7a13923af99eabb5bf0c8abc94791eed0291a0d9135ed1e446b3178ad88464abe4d3a4b85d856b34c9effe6cd2e0154f
-
Filesize
72KB
MD56f36afb358a832072c6eabc2d0891a81
SHA138fe98966bfc1614dfb51212e631a8c1b2947acd
SHA256a6a237bc6cbaf8f24325d115213d2678d5c614cc0c276b794f3260b09f4d32fa
SHA512f8dedd7d32836df2564ff8b29b71da2e7a13923af99eabb5bf0c8abc94791eed0291a0d9135ed1e446b3178ad88464abe4d3a4b85d856b34c9effe6cd2e0154f
-
Filesize
72KB
MD57ca5f3717f8166e33ae35255bf473374
SHA104848a1296c11f41b28f609e6ae8f600ff682ea5
SHA25677cb2f38c5c15b1f8634209c695c852455338f7a39d4e020effdba8805f0ebed
SHA5124aeebaba89fa103aa604e0c99a0998166c94e943d365ee0cdf559d84cf4b0841ff4a7009eebe794b6c4636f7b0d3ea4dd79b846a307936b200fbe263137d2c67
-
Filesize
72KB
MD57ca5f3717f8166e33ae35255bf473374
SHA104848a1296c11f41b28f609e6ae8f600ff682ea5
SHA25677cb2f38c5c15b1f8634209c695c852455338f7a39d4e020effdba8805f0ebed
SHA5124aeebaba89fa103aa604e0c99a0998166c94e943d365ee0cdf559d84cf4b0841ff4a7009eebe794b6c4636f7b0d3ea4dd79b846a307936b200fbe263137d2c67
-
Filesize
72KB
MD547de7cbbae6fa19f642ce6275e630ead
SHA12c4ca111f2ec164e6f37dd97938e3705d6ed9d81
SHA25616851fa9f5b8f7de39e452bcffe05b0968f093b87be76d850eb78331155a517d
SHA512466547e87742d9ac433151877bfee13e799edf9635350b511e5c729a4e0f0514dd4332da2f43512f0c0f119182fea628a67d381965a3f64d8cfb82d33228a4f6
-
Filesize
72KB
MD547de7cbbae6fa19f642ce6275e630ead
SHA12c4ca111f2ec164e6f37dd97938e3705d6ed9d81
SHA25616851fa9f5b8f7de39e452bcffe05b0968f093b87be76d850eb78331155a517d
SHA512466547e87742d9ac433151877bfee13e799edf9635350b511e5c729a4e0f0514dd4332da2f43512f0c0f119182fea628a67d381965a3f64d8cfb82d33228a4f6
-
Filesize
72KB
MD56f36afb358a832072c6eabc2d0891a81
SHA138fe98966bfc1614dfb51212e631a8c1b2947acd
SHA256a6a237bc6cbaf8f24325d115213d2678d5c614cc0c276b794f3260b09f4d32fa
SHA512f8dedd7d32836df2564ff8b29b71da2e7a13923af99eabb5bf0c8abc94791eed0291a0d9135ed1e446b3178ad88464abe4d3a4b85d856b34c9effe6cd2e0154f
-
Filesize
72KB
MD56f36afb358a832072c6eabc2d0891a81
SHA138fe98966bfc1614dfb51212e631a8c1b2947acd
SHA256a6a237bc6cbaf8f24325d115213d2678d5c614cc0c276b794f3260b09f4d32fa
SHA512f8dedd7d32836df2564ff8b29b71da2e7a13923af99eabb5bf0c8abc94791eed0291a0d9135ed1e446b3178ad88464abe4d3a4b85d856b34c9effe6cd2e0154f
-
Filesize
72KB
MD578b28e8edc1de8e8aeb05797d1917ab1
SHA18b499c06da98bb145caad6e98014b27b1f49cf4b
SHA25648054588b4312d1957ca24c0b2e0e76a87799a8068b73a94f558789c6aa14c75
SHA512002e6b99e6e6c9e27d601b86a9d195bbe7666dcd86adc8b0e390f42849c23debe1c793f729f8dce5993a8f3530ba675c7165f578b0936d14ea06727371dcbe03
-
Filesize
72KB
MD578b28e8edc1de8e8aeb05797d1917ab1
SHA18b499c06da98bb145caad6e98014b27b1f49cf4b
SHA25648054588b4312d1957ca24c0b2e0e76a87799a8068b73a94f558789c6aa14c75
SHA512002e6b99e6e6c9e27d601b86a9d195bbe7666dcd86adc8b0e390f42849c23debe1c793f729f8dce5993a8f3530ba675c7165f578b0936d14ea06727371dcbe03
-
Filesize
72KB
MD5a32ac3b0d9fa6c9e895e0ea2a5ea09c3
SHA19153eeee501631f41a14c138c3bf34028256fab5
SHA25653ef1f50194eec7397cacea0d7d977f332c3cd3bd63f1f18b92efc079ac60367
SHA512ded11b9615841f8b0c731dea03a3a75927e022e98c16a8335040710c3eaca1877e381aa2104a070529f382f2ad4340723caa02fd2e86e1ab8f3c37a970612171
-
Filesize
72KB
MD5a32ac3b0d9fa6c9e895e0ea2a5ea09c3
SHA19153eeee501631f41a14c138c3bf34028256fab5
SHA25653ef1f50194eec7397cacea0d7d977f332c3cd3bd63f1f18b92efc079ac60367
SHA512ded11b9615841f8b0c731dea03a3a75927e022e98c16a8335040710c3eaca1877e381aa2104a070529f382f2ad4340723caa02fd2e86e1ab8f3c37a970612171
-
Filesize
72KB
MD5350f5da14b935129efe5ef1db8eb7a8c
SHA1f70ac6241ad2a1af0d5bf61824b32531cf07a7f5
SHA25650a9a25991f7c41715d2d8b9ba266556d3e8369cd83dd2a8743e22e122462b7a
SHA5120c510cc5635c0af394219dfaf087585f373e86a1183d9458829b49decc17b3fa46d6297028c2492491a27f11840c6af30940af46fb66ff3b506922620fa50cfe
-
Filesize
72KB
MD5350f5da14b935129efe5ef1db8eb7a8c
SHA1f70ac6241ad2a1af0d5bf61824b32531cf07a7f5
SHA25650a9a25991f7c41715d2d8b9ba266556d3e8369cd83dd2a8743e22e122462b7a
SHA5120c510cc5635c0af394219dfaf087585f373e86a1183d9458829b49decc17b3fa46d6297028c2492491a27f11840c6af30940af46fb66ff3b506922620fa50cfe
-
Filesize
72KB
MD54dd470f42f267eab2ac533d5b66bfc9c
SHA1473d4a694d4f4b2b4c99f3b45d8255dd3629331b
SHA25674486a45111af608e08a8bbda0a5074e1888257c540f7eb75bff099f24f3116e
SHA51267fe8378eeb98abdbc0ad5f991c1f3865e12256c602235d72a2232f34a656507702f7d32a04ac19a65fd5c3298ab598de7f0e38c334efc12e128b644f4b5e8d6
-
Filesize
72KB
MD54dd470f42f267eab2ac533d5b66bfc9c
SHA1473d4a694d4f4b2b4c99f3b45d8255dd3629331b
SHA25674486a45111af608e08a8bbda0a5074e1888257c540f7eb75bff099f24f3116e
SHA51267fe8378eeb98abdbc0ad5f991c1f3865e12256c602235d72a2232f34a656507702f7d32a04ac19a65fd5c3298ab598de7f0e38c334efc12e128b644f4b5e8d6
-
Filesize
72KB
MD5cddf18ff602854c623558dfad59a00da
SHA1bad588ca2c5c16cfc6a699998b412d1ace1ca8d3
SHA256e513d3d3cc65679c093d239e9870787e6b9b603ed344d4d26a16b3f3c937f684
SHA5124da7fdfd76e033b81b8058deef0f0157b07ad7968568edab8a3431bb16254a9d8d10f3f78a44663c8d2e93194f3bf264e5b3023c4f9dd2f35c57f4003d71043c
-
Filesize
72KB
MD5cddf18ff602854c623558dfad59a00da
SHA1bad588ca2c5c16cfc6a699998b412d1ace1ca8d3
SHA256e513d3d3cc65679c093d239e9870787e6b9b603ed344d4d26a16b3f3c937f684
SHA5124da7fdfd76e033b81b8058deef0f0157b07ad7968568edab8a3431bb16254a9d8d10f3f78a44663c8d2e93194f3bf264e5b3023c4f9dd2f35c57f4003d71043c
-
Filesize
72KB
MD5cc290f4be677ae4c0d5ca0837b6ecd11
SHA195acff3c6bf703a18b0b21813f959280a2202fc6
SHA256f3a7494698fd86607df64955e8cca8a68d7e2e5feb7f72f106199bc5238e6156
SHA51212e398cb69982a01548b8dd0070eac10448120af74054ae6c85448390afb1711f186844bbb98c90c48e6f13bfb554f5b9877e9052c74d20370e9e20ddf7264f6
-
Filesize
72KB
MD5cc290f4be677ae4c0d5ca0837b6ecd11
SHA195acff3c6bf703a18b0b21813f959280a2202fc6
SHA256f3a7494698fd86607df64955e8cca8a68d7e2e5feb7f72f106199bc5238e6156
SHA51212e398cb69982a01548b8dd0070eac10448120af74054ae6c85448390afb1711f186844bbb98c90c48e6f13bfb554f5b9877e9052c74d20370e9e20ddf7264f6
-
Filesize
72KB
MD5e21bccd511b2f7fc5c08be93e8c0c3a2
SHA186a2bb7e48cf3d1f9b51485fef853730cffb4f89
SHA256347504dad2c62546edd996cb1e3c9365301ffb784943943509e375274880744d
SHA512b1062b2cca007f8846ae37074fa617563be598afc11c48002c5bce1377ce68f67f988d841d48e8194d4646dab4d747b8aa58c2744b0e9fba7283331c5938212c
-
Filesize
72KB
MD5e21bccd511b2f7fc5c08be93e8c0c3a2
SHA186a2bb7e48cf3d1f9b51485fef853730cffb4f89
SHA256347504dad2c62546edd996cb1e3c9365301ffb784943943509e375274880744d
SHA512b1062b2cca007f8846ae37074fa617563be598afc11c48002c5bce1377ce68f67f988d841d48e8194d4646dab4d747b8aa58c2744b0e9fba7283331c5938212c
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5f7ca1a1611b7317d1ef7a86f0e442b64
SHA1c7365abe0e403b2586c464a0c89ffb14603bf9d3
SHA2568d5c1fed3ad98ecab71237d15388c681dee3bc76155d5a344313b7c1b7127c05
SHA5129fb538d7416788f7259caf7660719e55adc3741bafa084e351284b85dcdb31391635df6b8d07d220089a86c91cf37a0f5d88ecf24e0cb36aaa82ac69b01a9650
-
Filesize
72KB
MD5f7ca1a1611b7317d1ef7a86f0e442b64
SHA1c7365abe0e403b2586c464a0c89ffb14603bf9d3
SHA2568d5c1fed3ad98ecab71237d15388c681dee3bc76155d5a344313b7c1b7127c05
SHA5129fb538d7416788f7259caf7660719e55adc3741bafa084e351284b85dcdb31391635df6b8d07d220089a86c91cf37a0f5d88ecf24e0cb36aaa82ac69b01a9650
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5d233242f92dae67e934dab1e948149c7
SHA144e179a142d4d9f8f185827dbd77919d9924f65b
SHA256e176741b05c9e2cf173c275903cdd56ce395e324fb8dca4ba08c89bc6a9388a4
SHA5124044e40a73ff77ce96d9d58322f92885084b9943c8b376cf62453dff4b239277a3f38560d9cc71371bfef88eeae0003d8819eaa4c2c1b3c648f9b939ce671e40
-
Filesize
72KB
MD5f7ca1a1611b7317d1ef7a86f0e442b64
SHA1c7365abe0e403b2586c464a0c89ffb14603bf9d3
SHA2568d5c1fed3ad98ecab71237d15388c681dee3bc76155d5a344313b7c1b7127c05
SHA5129fb538d7416788f7259caf7660719e55adc3741bafa084e351284b85dcdb31391635df6b8d07d220089a86c91cf37a0f5d88ecf24e0cb36aaa82ac69b01a9650
-
Filesize
72KB
MD5f7ca1a1611b7317d1ef7a86f0e442b64
SHA1c7365abe0e403b2586c464a0c89ffb14603bf9d3
SHA2568d5c1fed3ad98ecab71237d15388c681dee3bc76155d5a344313b7c1b7127c05
SHA5129fb538d7416788f7259caf7660719e55adc3741bafa084e351284b85dcdb31391635df6b8d07d220089a86c91cf37a0f5d88ecf24e0cb36aaa82ac69b01a9650
-
Filesize
72KB
MD53487456896b33eed583e2780b5d048e3
SHA1060c1369dec5d847eedfdc4714b92d0756126a41
SHA256e482220e27cae27f5bd08dcb5725804c4cb8ad1f61130ea72a11f57095379262
SHA512b4b8b6871dbb6621ba997185f27fd9cdf171546d16be529237977b4449716090157c9f0d60b099fb9695681e27161f4c9f33c9394864d185fa1d9d5e5a059801
-
Filesize
72KB
MD53487456896b33eed583e2780b5d048e3
SHA1060c1369dec5d847eedfdc4714b92d0756126a41
SHA256e482220e27cae27f5bd08dcb5725804c4cb8ad1f61130ea72a11f57095379262
SHA512b4b8b6871dbb6621ba997185f27fd9cdf171546d16be529237977b4449716090157c9f0d60b099fb9695681e27161f4c9f33c9394864d185fa1d9d5e5a059801
-
Filesize
72KB
MD52763d17415176bf386529153f07447a0
SHA1c113ed3b38cacf5a35f2208e63aa950e11a15e26
SHA25636dffbdac1372fc2d071ec2530a1619c1fb7409fa4d4063352fedef3fc45a651
SHA512fcc433856d110d66dc2b5c4dea3eca1a908a3433eee4e6c35816aa4b3d44f2c64ea7a5b075f77c8867ca2921ac7830103aab2b54cccf85c3e25e371fc817c6f2
-
Filesize
72KB
MD52763d17415176bf386529153f07447a0
SHA1c113ed3b38cacf5a35f2208e63aa950e11a15e26
SHA25636dffbdac1372fc2d071ec2530a1619c1fb7409fa4d4063352fedef3fc45a651
SHA512fcc433856d110d66dc2b5c4dea3eca1a908a3433eee4e6c35816aa4b3d44f2c64ea7a5b075f77c8867ca2921ac7830103aab2b54cccf85c3e25e371fc817c6f2
-
Filesize
72KB
MD5b662dbb9cb5e05029d8791d3ba877704
SHA1027635d250c272fe3cbba9cbbdd61bbbb57ca786
SHA2567edbcdb1c51ec54e215b8efadad0f6526f720c0bdffe04296df1a3b00c81bfea
SHA5124aea167ee5e400d0cb3d66632d3667e69a9aa2ee4b9375d8d2ebb43bc9a0eac8a066c8045669cb49a292a29eabee9a164f4c9f51317c5804f770f92d63220740
-
Filesize
72KB
MD5b662dbb9cb5e05029d8791d3ba877704
SHA1027635d250c272fe3cbba9cbbdd61bbbb57ca786
SHA2567edbcdb1c51ec54e215b8efadad0f6526f720c0bdffe04296df1a3b00c81bfea
SHA5124aea167ee5e400d0cb3d66632d3667e69a9aa2ee4b9375d8d2ebb43bc9a0eac8a066c8045669cb49a292a29eabee9a164f4c9f51317c5804f770f92d63220740
-
Filesize
72KB
MD51dba0fa6d42c7d42ddb190768f234b40
SHA1e720813ce04928d8fd8d6a80ac6281d4cb857e4e
SHA2562e36b1ca991c9fdd0f560d5907816132664f54847b7fe7afa179cc5fe9867d86
SHA5123b7aa4c39c82d6201d8be1e7f86c03927ad23c6719713fc22bfe2f783fa577cf8c9f72ec3675adadb36e4617ca12b19e42b737ccc2253fc7dfb7876f814d93b6
-
Filesize
72KB
MD51dba0fa6d42c7d42ddb190768f234b40
SHA1e720813ce04928d8fd8d6a80ac6281d4cb857e4e
SHA2562e36b1ca991c9fdd0f560d5907816132664f54847b7fe7afa179cc5fe9867d86
SHA5123b7aa4c39c82d6201d8be1e7f86c03927ad23c6719713fc22bfe2f783fa577cf8c9f72ec3675adadb36e4617ca12b19e42b737ccc2253fc7dfb7876f814d93b6
-
Filesize
72KB
MD52ecf6d04ac7fc1c2d8c344ee8095a79b
SHA19cc1cf697ff86e98178b3115e793f251c8f9bb8a
SHA2561fac23e0b53e703ad08a7b11d8e513cf57f51ef1ef09facc5560aaffb1037f1e
SHA5121e0406cf452bf51a64087212a9fa58584cf670500961434e031fd6b4e786c94510fdef69f6413a2c6455f6a3786761239c6c038b44b2129ac909d4c9cbe39e2d
-
Filesize
72KB
MD52ecf6d04ac7fc1c2d8c344ee8095a79b
SHA19cc1cf697ff86e98178b3115e793f251c8f9bb8a
SHA2561fac23e0b53e703ad08a7b11d8e513cf57f51ef1ef09facc5560aaffb1037f1e
SHA5121e0406cf452bf51a64087212a9fa58584cf670500961434e031fd6b4e786c94510fdef69f6413a2c6455f6a3786761239c6c038b44b2129ac909d4c9cbe39e2d
-
Filesize
72KB
MD554408b78ebe189fa1d4078aa5afd880c
SHA158ac3b6e830b686b28108b322a8dc995ba55600d
SHA256b281a598f8e937a1f1d96d7bb1c0607d1b1edfef30ba1491997c9ca6e6b8c56a
SHA5120214cf6c57f07fe360e433d9309840fa541c89aecda2d8971e5aff3801c9cd75f6ec9fbeceb3362457c42557440bf27be148e089903b7d10578377f368f7d872
-
Filesize
72KB
MD554408b78ebe189fa1d4078aa5afd880c
SHA158ac3b6e830b686b28108b322a8dc995ba55600d
SHA256b281a598f8e937a1f1d96d7bb1c0607d1b1edfef30ba1491997c9ca6e6b8c56a
SHA5120214cf6c57f07fe360e433d9309840fa541c89aecda2d8971e5aff3801c9cd75f6ec9fbeceb3362457c42557440bf27be148e089903b7d10578377f368f7d872
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-