Overview

overview

10

Static

static

e8dfed8e5c...e2.exe

windows7_x64

10

e8dfed8e5c...e2.exe

windows10_x64

10

Analysis

  • max time kernel
    139s
  • max time network
    47s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    13-05-2021 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2.exe

  • Size

    2.1MB

  • MD5

    cafe69a59c0c3c646ea7f114180d4d8b

  • SHA1

    70961e60e1e279bd2882c4693ca7de7c9c96981b

  • SHA256

    e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2

  • SHA512

    40eda1da28f5fe0aa6bab25b6c6dcdca226a6dcd3385d9c8870b33c48f0398269643e887d6c1f390547fa97a31c817241c090da37830bcf67f6f44ceb2ea36d0

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Executes dropped EXE 58 IoCs
  • Checks BIOS information in registry 2 TTPs 64 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 59 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
  • Drops file in Program Files directory 39 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 48 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2.exe
    "C:\Users\Admin\AppData\Local\Temp\e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2.exe"
    1⤵
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4024
    • C:\Users\Admin\AppData\Local\Temp\275545031\backup.exe
      C:\Users\Admin\AppData\Local\Temp\275545031\backup.exe C:\Users\Admin\AppData\Local\Temp\275545031\
      2⤵
      • Executes dropped EXE
      • Checks BIOS information in registry
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:3392
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2284
        • C:\odt\backup.exe
          C:\odt\backup.exe C:\odt\
          4⤵
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • System policy modification
          PID:2324
        • C:\PerfLogs\backup.exe
          C:\PerfLogs\backup.exe C:\PerfLogs\
          4⤵
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • System policy modification
          PID:4340
        • C:\Program Files\backup.exe
          "C:\Program Files\backup.exe" C:\Program Files\
          4⤵
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Program Files directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:4720
          • C:\Program Files\7-Zip\backup.exe
            "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
            5⤵
            • Executes dropped EXE
            • Checks BIOS information in registry
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:4972
            • C:\Program Files\7-Zip\Lang\backup.exe
              "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
              6⤵
              • Executes dropped EXE
              • Checks BIOS information in registry
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:4232
          • C:\Program Files\Common Files\backup.exe
            "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
            5⤵
            • Executes dropped EXE
            • Checks BIOS information in registry
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:4164
            • C:\Program Files\Common Files\DESIGNER\backup.exe
              "C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\
              6⤵
              • Executes dropped EXE
              • Checks BIOS information in registry
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:4456
            • C:\Program Files\Common Files\microsoft shared\backup.exe
              "C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\
              6⤵
              • Executes dropped EXE
              • Checks BIOS information in registry
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:2548
              • C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe
                "C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\
                7⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:3860
              • C:\Program Files\Common Files\microsoft shared\ink\backup.exe
                "C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\
                7⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:7032
              • C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe
                "C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\
                7⤵
                  PID:7956
              • C:\Program Files\Common Files\Services\backup.exe
                "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
                6⤵
                • Executes dropped EXE
                • Checks BIOS information in registry
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Suspicious behavior: EnumeratesProcesses
                PID:1596
              • C:\Program Files\Common Files\System\backup.exe
                "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
                6⤵
                • Executes dropped EXE
                • Checks BIOS information in registry
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                PID:5656
            • C:\Program Files\Google\backup.exe
              "C:\Program Files\Google\backup.exe" C:\Program Files\Google\
              5⤵
              • Executes dropped EXE
              • Checks BIOS information in registry
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:4488
              • C:\Program Files\Google\Chrome\backup.exe
                "C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\
                6⤵
                • Executes dropped EXE
                • Checks BIOS information in registry
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Suspicious behavior: EnumeratesProcesses
                PID:5176
            • C:\Program Files\Internet Explorer\backup.exe
              "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
              5⤵
              • Executes dropped EXE
              • Checks BIOS information in registry
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:1588
              • C:\Program Files\Internet Explorer\en-US\backup.exe
                "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
                6⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:6284
              • C:\Program Files\Internet Explorer\images\backup.exe
                "C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\
                6⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:7076
              • C:\Program Files\Internet Explorer\SIGNUP\backup.exe
                "C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
                6⤵
                  PID:8008
              • C:\Program Files\Java\backup.exe
                "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
                5⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Suspicious behavior: EnumeratesProcesses
                PID:2712
              • C:\Program Files\Microsoft Office\backup.exe
                "C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\
                5⤵
                • Executes dropped EXE
                • Checks BIOS information in registry
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                PID:5668
              • C:\Program Files\Microsoft Office 15\backup.exe
                "C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\
                5⤵
                • Executes dropped EXE
                • Checks BIOS information in registry
                • Identifies Wine through registry keys
                PID:4628
              • C:\Program Files\Mozilla Firefox\backup.exe
                "C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\
                5⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:6528
              • C:\Program Files\MSBuild\backup.exe
                "C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\
                5⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                PID:7420
              • C:\Program Files\Reference Assemblies\backup.exe
                "C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\
                5⤵
                  PID:7024
              • C:\Program Files (x86)\backup.exe
                "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
                4⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                • System policy modification
                PID:2772
                • C:\Program Files (x86)\Adobe\backup.exe
                  "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
                  5⤵
                  • Executes dropped EXE
                  • Checks BIOS information in registry
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Drops file in Program Files directory
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  • System policy modification
                  PID:4404
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\
                    6⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Drops file in Program Files directory
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:4820
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\data.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\
                      7⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5620
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
                      7⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      PID:4460
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\
                      7⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:6156
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe
                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\
                      7⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:7044
                • C:\Program Files (x86)\Common Files\backup.exe
                  "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
                  5⤵
                  • Executes dropped EXE
                  • Checks BIOS information in registry
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Drops file in Program Files directory
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:4832
                  • C:\Program Files (x86)\Common Files\Adobe\backup.exe
                    "C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\
                    6⤵
                    • Executes dropped EXE
                    • Checks BIOS information in registry
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5500
                  • C:\Program Files (x86)\Common Files\Java\backup.exe
                    "C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\
                    6⤵
                    • Executes dropped EXE
                    • Checks BIOS information in registry
                    • Identifies Wine through registry keys
                    PID:6124
                  • C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe
                    "C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\
                    6⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    PID:4208
                  • C:\Program Files (x86)\Common Files\Services\System Restore.exe
                    "C:\Program Files (x86)\Common Files\Services\System Restore.exe" C:\Program Files (x86)\Common Files\Services\
                    6⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    PID:7004
                  • C:\Program Files (x86)\Common Files\System\backup.exe
                    "C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\
                    6⤵
                      PID:7776
                  • C:\Program Files (x86)\Google\backup.exe
                    "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
                    5⤵
                    • Executes dropped EXE
                    • Checks BIOS information in registry
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Drops file in Program Files directory
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:4280
                    • C:\Program Files (x86)\Google\CrashReports\backup.exe
                      "C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\
                      6⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:6512
                    • C:\Program Files (x86)\Google\Policies\backup.exe
                      "C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\
                      6⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:7340
                    • C:\Program Files (x86)\Google\Temp\backup.exe
                      "C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\
                      6⤵
                        PID:8136
                    • C:\Program Files (x86)\Internet Explorer\backup.exe
                      "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
                      5⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5148
                    • C:\Program Files (x86)\Microsoft.NET\backup.exe
                      "C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\
                      5⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      PID:5888
                    • C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe
                      "C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\
                      5⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      PID:4796
                    • C:\Program Files (x86)\MSBuild\backup.exe
                      "C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\
                      5⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:6564
                    • C:\Program Files (x86)\Reference Assemblies\backup.exe
                      "C:\Program Files (x86)\Reference Assemblies\backup.exe" C:\Program Files (x86)\Reference Assemblies\
                      5⤵
                        PID:7592
                    • C:\Users\backup.exe
                      C:\Users\backup.exe C:\Users\
                      4⤵
                      • Executes dropped EXE
                      • Checks BIOS information in registry
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      • System policy modification
                      PID:4556
                      • C:\Users\Admin\backup.exe
                        C:\Users\Admin\backup.exe C:\Users\Admin\
                        5⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        • System policy modification
                        PID:3952
                        • C:\Users\Admin\Contacts\backup.exe
                          C:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\
                          6⤵
                          • Executes dropped EXE
                          • Checks BIOS information in registry
                          • Identifies Wine through registry keys
                          PID:4616
                        • C:\Users\Admin\Desktop\backup.exe
                          C:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\
                          6⤵
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          PID:6500
                        • C:\Users\Admin\Documents\backup.exe
                          C:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\
                          6⤵
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          PID:7352
                        • C:\Users\Admin\Downloads\backup.exe
                          C:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\
                          6⤵
                            PID:7028
                        • C:\Users\Public\backup.exe
                          C:\Users\Public\backup.exe C:\Users\Public\
                          5⤵
                          • Executes dropped EXE
                          • Checks BIOS information in registry
                          • Identifies Wine through registry keys
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4552
                          • C:\Users\Public\Documents\data.exe
                            C:\Users\Public\Documents\data.exe C:\Users\Public\Documents\
                            6⤵
                              PID:7668
                        • C:\Windows\backup.exe
                          C:\Windows\backup.exe C:\Windows\
                          4⤵
                          • Executes dropped EXE
                          • Checks BIOS information in registry
                          • Identifies Wine through registry keys
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • Drops file in Windows directory
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:4372
                          • C:\Windows\addins\backup.exe
                            C:\Windows\addins\backup.exe C:\Windows\addins\
                            5⤵
                            • Executes dropped EXE
                            • Checks BIOS information in registry
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            PID:5908
                          • C:\Windows\appcompat\backup.exe
                            C:\Windows\appcompat\backup.exe C:\Windows\appcompat\
                            5⤵
                            • Executes dropped EXE
                            • Checks BIOS information in registry
                            • Identifies Wine through registry keys
                            PID:3164
                          • C:\Windows\AppPatch\backup.exe
                            C:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\
                            5⤵
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            PID:6580
                          • C:\Windows\AppReadiness\backup.exe
                            C:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\
                            5⤵
                              PID:7604
                      • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
                        C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
                        2⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        PID:2020
                      • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
                        C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
                        2⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        • System policy modification
                        PID:3424
                      • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                        C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
                        2⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        PID:4328
                      • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                        "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
                        2⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        • System policy modification
                        PID:4684
                      • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                        C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
                        2⤵
                        • Executes dropped EXE
                        • Checks BIOS information in registry
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of SetWindowsHookEx
                        • System policy modification
                        PID:4952

                    Network

                    MITRE ATT&CK Matrix ATT&CK v6

                    Initial Access

                    Execution

                    Persistence

                    Hidden Files and Directories

                    1
                    T1158

                    Privilege Escalation

                    Defense Evasion

                    Hidden Files and Directories

                    1
                    T1158

                    Modify Registry

                    2
                    T1112

                    Virtualization/Sandbox Evasion

                    2
                    T1497

                    Credential Access

                    Discovery

                    Query Registry

                    3
                    T1012

                    Virtualization/Sandbox Evasion

                    2
                    T1497

                    System Information Discovery

                    2
                    T1082

                    Lateral Movement

                    Collection

                    Exfiltration

                    Command and Control

                    Impact

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\PerfLogs\backup.exe
                      MD5

                      469173915a4f1c6c7bb93ae2ac2c06a3

                      SHA1

                      f0646b870c0b19e02d388dc0f066d9d0cd56c0dc

                      SHA256

                      62b77c579963e57324d8a363b7de17523104be48144e5a2c8bde1c9ad0da3218

                      SHA512

                      d2962632ad67e7a932202036ed7808117addc785603c9369d109135e57c7b8c73c747201c4f539e6168849e27c1ce8601e0f86a4cf1a35c684da471c9a5cc935

                      Download Submit
                    • C:\PerfLogs\backup.exe
                      MD5

                      469173915a4f1c6c7bb93ae2ac2c06a3

                      SHA1

                      f0646b870c0b19e02d388dc0f066d9d0cd56c0dc

                      SHA256

                      62b77c579963e57324d8a363b7de17523104be48144e5a2c8bde1c9ad0da3218

                      SHA512

                      d2962632ad67e7a932202036ed7808117addc785603c9369d109135e57c7b8c73c747201c4f539e6168849e27c1ce8601e0f86a4cf1a35c684da471c9a5cc935

                      Download Submit
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\data.exe
                      MD5

                      955fb152e035a8ac2258d098ed642fb0

                      SHA1

                      bf524398f3c6365069cabec04ff80cdbad1acea5

                      SHA256

                      d14305e264c5966989bcc321458f89fc102e7248a5c9247b3c5f2836006c4afd

                      SHA512

                      a1c46743c9561cb654c7382e7316573dd88b1b65a2d89ef3fc27b37f9f65b62262c3edc61e73e8e0ea2623eb83aa6e43981840595e11cbf1446e0517b6d9f853

                      Download Submit
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\data.exe
                      MD5

                      955fb152e035a8ac2258d098ed642fb0

                      SHA1

                      bf524398f3c6365069cabec04ff80cdbad1acea5

                      SHA256

                      d14305e264c5966989bcc321458f89fc102e7248a5c9247b3c5f2836006c4afd

                      SHA512

                      a1c46743c9561cb654c7382e7316573dd88b1b65a2d89ef3fc27b37f9f65b62262c3edc61e73e8e0ea2623eb83aa6e43981840595e11cbf1446e0517b6d9f853

                      Download Submit
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
                      MD5

                      e93156b88a69f55d91b16cd6350fc1e7

                      SHA1

                      7ec0a72f87f8db5d02859f97db0087cf49a96a2a

                      SHA256

                      8b368a10fe91aa8ec4e9f0a5164276ac4d8e06e3b17e433b29c8f2ef131e4434

                      SHA512

                      3429da6905937c2a3a2bae9a10974a9957344e79d90f2edb6416a93b804e39991529c2c3a8ef719100af8c6248174b04457da7cd8cb29b0cb52512742f152cdb

                      Download Submit
                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
                      MD5

                      e93156b88a69f55d91b16cd6350fc1e7

                      SHA1

                      7ec0a72f87f8db5d02859f97db0087cf49a96a2a

                      SHA256

                      8b368a10fe91aa8ec4e9f0a5164276ac4d8e06e3b17e433b29c8f2ef131e4434

                      SHA512

                      3429da6905937c2a3a2bae9a10974a9957344e79d90f2edb6416a93b804e39991529c2c3a8ef719100af8c6248174b04457da7cd8cb29b0cb52512742f152cdb

                      Download Submit
                    • C:\Program Files (x86)\Adobe\backup.exe
                      MD5

                      87b06296140ec7f9340438985a2e412c

                      SHA1

                      65f5154a9406ab02ac8f0592a83f3e60cd970c43

                      SHA256

                      9215a4d763a32e04857cf24091b6774575cd9c273dd334bf23445a6d8728cf0e

                      SHA512

                      6b1ca70d373cfcb2b6dc76bad52d0e211959be82e3b3eed05985dcbbe12da6056e9c06616062bc5bade639e4baed4cedc6184a25793a3cafee50fa51a5f2a18c

                      Download Submit
                    • C:\Program Files (x86)\Adobe\backup.exe
                      MD5

                      87b06296140ec7f9340438985a2e412c

                      SHA1

                      65f5154a9406ab02ac8f0592a83f3e60cd970c43

                      SHA256

                      9215a4d763a32e04857cf24091b6774575cd9c273dd334bf23445a6d8728cf0e

                      SHA512

                      6b1ca70d373cfcb2b6dc76bad52d0e211959be82e3b3eed05985dcbbe12da6056e9c06616062bc5bade639e4baed4cedc6184a25793a3cafee50fa51a5f2a18c

                      Download Submit
                    • C:\Program Files (x86)\Common Files\Adobe\backup.exe
                      MD5

                      1ecb362c42fd475d42e9f3195bf6c948

                      SHA1

                      249086fa4241ed8c32a7f69b8389bb7bb26103b7

                      SHA256

                      7140f6a47e831a0d6a96c816bdd99f6281dc86cc2c5fd26ada7b222757a67a3c

                      SHA512

                      58ed47c4b7027f5403c69494193f741ff86cb34abce1846dd087d56a0b3d13a9a90879054ca10288fcedd7d1f7d891ffbbb2f081e92cf689c8fa3e3f774e4868

                      Download Submit
                    • C:\Program Files (x86)\Common Files\Adobe\backup.exe
                      MD5

                      1ecb362c42fd475d42e9f3195bf6c948

                      SHA1

                      249086fa4241ed8c32a7f69b8389bb7bb26103b7

                      SHA256

                      7140f6a47e831a0d6a96c816bdd99f6281dc86cc2c5fd26ada7b222757a67a3c

                      SHA512

                      58ed47c4b7027f5403c69494193f741ff86cb34abce1846dd087d56a0b3d13a9a90879054ca10288fcedd7d1f7d891ffbbb2f081e92cf689c8fa3e3f774e4868

                      Download Submit
                    • C:\Program Files (x86)\Common Files\backup.exe
                      MD5

                      25665ce12b58c8cdc2f148675c0bdaba

                      SHA1

                      37c1fe441469a571730702efb1eb3271ec895b0b

                      SHA256

                      6e57718db0a6aa1adcecccc5891ce4e62bd29b93cdf2f0cc59f71caa2ab51601

                      SHA512

                      d169b9c1d21d6e5f387731bd07db25b920665e1d13fe00fc1a5b8a56371b9bed8e473c0708253ab19774ca0fc794550a0001d82d331c92a8314e29adfc5bfd50

                      Download Submit
                    • C:\Program Files (x86)\Common Files\backup.exe
                      MD5

                      25665ce12b58c8cdc2f148675c0bdaba

                      SHA1

                      37c1fe441469a571730702efb1eb3271ec895b0b

                      SHA256

                      6e57718db0a6aa1adcecccc5891ce4e62bd29b93cdf2f0cc59f71caa2ab51601

                      SHA512

                      d169b9c1d21d6e5f387731bd07db25b920665e1d13fe00fc1a5b8a56371b9bed8e473c0708253ab19774ca0fc794550a0001d82d331c92a8314e29adfc5bfd50

                      Download Submit
                    • C:\Program Files (x86)\Google\backup.exe
                      MD5

                      999e4d6bd8c0867156635d64cce141b4

                      SHA1

                      61a3c970ae74be483b480bf373a44220414afe85

                      SHA256

                      64059db25061f79b2024ec8978cb21862fa9a6a8a0e0c8f0dc5eec6245d5d0d6

                      SHA512

                      89c50e043223f5bb1a4342dcbcbbdccbdc0d37421c214068a081bc6d1ff05ac3273dbc2555cdd041f86c3dff0189894b94aef1cf08d141270dc6e45518d58777

                      Download Submit
                    • C:\Program Files (x86)\Google\backup.exe
                      MD5

                      999e4d6bd8c0867156635d64cce141b4

                      SHA1

                      61a3c970ae74be483b480bf373a44220414afe85

                      SHA256

                      64059db25061f79b2024ec8978cb21862fa9a6a8a0e0c8f0dc5eec6245d5d0d6

                      SHA512

                      89c50e043223f5bb1a4342dcbcbbdccbdc0d37421c214068a081bc6d1ff05ac3273dbc2555cdd041f86c3dff0189894b94aef1cf08d141270dc6e45518d58777

                      Download Submit
                    • C:\Program Files (x86)\Internet Explorer\backup.exe
                      MD5

                      0b607c948bd6bf12475b8a98958a4857

                      SHA1

                      9794d405e0c53011a9dcfbe54d3c3327ccc208e7

                      SHA256

                      4e5d312d27a832077aa133807105be12c361214f1d97557268609579b0c187fd

                      SHA512

                      8dfd7d42f1dafcef4c244a0bd9e9f72310710ea2bc7489ec9beb29addfacef4704cc32a76785827edb35b2a080ebf4f8120b907f7806f97f4fac815b2a82ccca

                      Download Submit
                    • C:\Program Files (x86)\Internet Explorer\backup.exe
                      MD5

                      0b607c948bd6bf12475b8a98958a4857

                      SHA1

                      9794d405e0c53011a9dcfbe54d3c3327ccc208e7

                      SHA256

                      4e5d312d27a832077aa133807105be12c361214f1d97557268609579b0c187fd

                      SHA512

                      8dfd7d42f1dafcef4c244a0bd9e9f72310710ea2bc7489ec9beb29addfacef4704cc32a76785827edb35b2a080ebf4f8120b907f7806f97f4fac815b2a82ccca

                      Download Submit
                    • C:\Program Files (x86)\backup.exe
                      MD5

                      0e2a4fe21c0f82e1ecd933249a543166

                      SHA1

                      50ffbdc5280d6eb10a260a502e692a571bdba5bb

                      SHA256

                      2fbfbe5233371013649e5efbbaa5eb8fa7530e272354bde4e2dfbb0bc35da758

                      SHA512

                      3cc099e211b85434e61ea0d8258fe71206d8c8c05d27e55d696ebe98ac3468d761cd0e1e7b57e8e8164257cd20fc79ae083b134abb070ce281ee93e284636271

                      Download Submit
                    • C:\Program Files (x86)\backup.exe
                      MD5

                      0e2a4fe21c0f82e1ecd933249a543166

                      SHA1

                      50ffbdc5280d6eb10a260a502e692a571bdba5bb

                      SHA256

                      2fbfbe5233371013649e5efbbaa5eb8fa7530e272354bde4e2dfbb0bc35da758

                      SHA512

                      3cc099e211b85434e61ea0d8258fe71206d8c8c05d27e55d696ebe98ac3468d761cd0e1e7b57e8e8164257cd20fc79ae083b134abb070ce281ee93e284636271

                      Download Submit
                    • C:\Program Files\7-Zip\Lang\backup.exe
                      MD5

                      79c5186228979f366b3c62568fe5def9

                      SHA1

                      4d57331dd1bb326d5228629b43753d1240c4d635

                      SHA256

                      3cb85e00400558bcce7a60175c2fd8e6a48da7a8ea88ad1a83cf07acb86152e8

                      SHA512

                      50e3da81d773f4d248561c537d982031e40aa6d47b145eadbd073f8b388b3fce91b3550f42284d9483cbc44d018c6e0044fa88ddc84e35b68d8142fe7f228788

                      Download Submit
                    • C:\Program Files\7-Zip\Lang\backup.exe
                      MD5

                      79c5186228979f366b3c62568fe5def9

                      SHA1

                      4d57331dd1bb326d5228629b43753d1240c4d635

                      SHA256

                      3cb85e00400558bcce7a60175c2fd8e6a48da7a8ea88ad1a83cf07acb86152e8

                      SHA512

                      50e3da81d773f4d248561c537d982031e40aa6d47b145eadbd073f8b388b3fce91b3550f42284d9483cbc44d018c6e0044fa88ddc84e35b68d8142fe7f228788

                      Download Submit
                    • C:\Program Files\7-Zip\backup.exe
                      MD5

                      bf28ab07b971ee09d4ecaa38c2ccb0bb

                      SHA1

                      0afb16db8e3efa39152ce8530ade6d80306c29f8

                      SHA256

                      d27a26268151590ff96ef423c2f496a1dbc6bd9a97ce12291e5e28d4d30fa21d

                      SHA512

                      90819643a061575531e1392260f4cbb76e06a8e6118129cef58500803e714c3956c9245934d889c855e8616a1f74af1b973cfa6b63c1a8256047f5c8f161e968

                      Download Submit
                    • C:\Program Files\7-Zip\backup.exe
                      MD5

                      bf28ab07b971ee09d4ecaa38c2ccb0bb

                      SHA1

                      0afb16db8e3efa39152ce8530ade6d80306c29f8

                      SHA256

                      d27a26268151590ff96ef423c2f496a1dbc6bd9a97ce12291e5e28d4d30fa21d

                      SHA512

                      90819643a061575531e1392260f4cbb76e06a8e6118129cef58500803e714c3956c9245934d889c855e8616a1f74af1b973cfa6b63c1a8256047f5c8f161e968

                      Download Submit
                    • C:\Program Files\Common Files\DESIGNER\backup.exe
                      MD5

                      6140ed17a8b8b1ae20604b856b1ee30b

                      SHA1

                      4e472a852b0ae72d1a7a3a7e7cfdadfe787d85d1

                      SHA256

                      fcc61a134d1d6730f9b6755755f5cbcd8a12bca98f1ebfad0d3c69f6c465606a

                      SHA512

                      3e3f94fa3b9fe29fdee5c48e4d68836e3c880d97609f704be2a1eb695e1b2883a860670a30a364d8634e51c1a087aed84ce17583913d43e7699d832d002e7f1d

                      Download Submit
                    • C:\Program Files\Common Files\DESIGNER\backup.exe
                      MD5

                      6140ed17a8b8b1ae20604b856b1ee30b

                      SHA1

                      4e472a852b0ae72d1a7a3a7e7cfdadfe787d85d1

                      SHA256

                      fcc61a134d1d6730f9b6755755f5cbcd8a12bca98f1ebfad0d3c69f6c465606a

                      SHA512

                      3e3f94fa3b9fe29fdee5c48e4d68836e3c880d97609f704be2a1eb695e1b2883a860670a30a364d8634e51c1a087aed84ce17583913d43e7699d832d002e7f1d

                      Download Submit
                    • C:\Program Files\Common Files\Services\backup.exe
                      MD5

                      63617378e08e73255fd43379fbdd9c50

                      SHA1

                      7f420d4cdae53f3ec767a24bb1100df74c1fd489

                      SHA256

                      6240364eb146b52b2c120e5da8d06abd4ec05ef204aeb52b93cf8be068af4f8c

                      SHA512

                      1437732df20c4804701cc5610ae7e1a063b5a439ddf3f3060455a641aeba20f770f5bafc52810274e35163c665f5bd7589dda637ed35e194b9e45a20c262bc82

                      Download Submit
                    • C:\Program Files\Common Files\Services\backup.exe
                      MD5

                      63617378e08e73255fd43379fbdd9c50

                      SHA1

                      7f420d4cdae53f3ec767a24bb1100df74c1fd489

                      SHA256

                      6240364eb146b52b2c120e5da8d06abd4ec05ef204aeb52b93cf8be068af4f8c

                      SHA512

                      1437732df20c4804701cc5610ae7e1a063b5a439ddf3f3060455a641aeba20f770f5bafc52810274e35163c665f5bd7589dda637ed35e194b9e45a20c262bc82

                      Download Submit
                    • C:\Program Files\Common Files\backup.exe
                      MD5

                      39a5e7f92156c315bd45741ff43a989c

                      SHA1

                      c098c0c12dcae6fe2094e1e0a30c6bd9145d69ea

                      SHA256

                      5bbe6d2d0dec8015ce4dc9e990d4b4d83edf61e4e0ef343b14f42e1794785d8f

                      SHA512

                      f1d83400fb4ebb438e6650e02a4686eb34ef5cfcdae662ac4330d1076d0b5806268e8c7b348a01883c8feca9c594acf3ee341010de896b2bb3935bedaf0515a2

                      Download Submit
                    • C:\Program Files\Common Files\backup.exe
                      MD5

                      39a5e7f92156c315bd45741ff43a989c

                      SHA1

                      c098c0c12dcae6fe2094e1e0a30c6bd9145d69ea

                      SHA256

                      5bbe6d2d0dec8015ce4dc9e990d4b4d83edf61e4e0ef343b14f42e1794785d8f

                      SHA512

                      f1d83400fb4ebb438e6650e02a4686eb34ef5cfcdae662ac4330d1076d0b5806268e8c7b348a01883c8feca9c594acf3ee341010de896b2bb3935bedaf0515a2

                      Download Submit
                    • C:\Program Files\Common Files\microsoft shared\backup.exe
                      MD5

                      28c2b26e3f28eb63453a08a6c0c67310

                      SHA1

                      0be4da031bd73125254d1074831210cf71497ef2

                      SHA256

                      63986074f7b601d74f8d1f1e41fbb27c9b882443df340677468d2d4d776ed414

                      SHA512

                      ba68d2f814d71219e103df983092fccf313f23d688a1bf258dce6360bf1a2fc26165e9278d45936ef38a31948f2fd94c53c09c0c61bba4d81a167b62e1b5d329

                      Download Submit
                    • C:\Program Files\Common Files\microsoft shared\backup.exe
                      MD5

                      28c2b26e3f28eb63453a08a6c0c67310

                      SHA1

                      0be4da031bd73125254d1074831210cf71497ef2

                      SHA256

                      63986074f7b601d74f8d1f1e41fbb27c9b882443df340677468d2d4d776ed414

                      SHA512

                      ba68d2f814d71219e103df983092fccf313f23d688a1bf258dce6360bf1a2fc26165e9278d45936ef38a31948f2fd94c53c09c0c61bba4d81a167b62e1b5d329

                      Download Submit
                    • C:\Program Files\Google\Chrome\backup.exe
                      MD5

                      d711fb22f7d20caab3fcfe003a5c9e03

                      SHA1

                      603ec520c041ab4531362eb085269185b7813e6f

                      SHA256

                      d1f8dbf15890450292f5717b9d33de034dbb47921f9504bccb393d97013a99c9

                      SHA512

                      97aa8fb826991eec1a43a783e884503435a8c5f710c3c096b8ad4db9bb0ca371e9cead77b367b9e6451737d26660659209f9aad5cbc22987d06ebf86f5c77642

                      Download Submit
                    • C:\Program Files\Google\Chrome\backup.exe
                      MD5

                      d711fb22f7d20caab3fcfe003a5c9e03

                      SHA1

                      603ec520c041ab4531362eb085269185b7813e6f

                      SHA256

                      d1f8dbf15890450292f5717b9d33de034dbb47921f9504bccb393d97013a99c9

                      SHA512

                      97aa8fb826991eec1a43a783e884503435a8c5f710c3c096b8ad4db9bb0ca371e9cead77b367b9e6451737d26660659209f9aad5cbc22987d06ebf86f5c77642

                      Download Submit
                    • C:\Program Files\Google\backup.exe
                      MD5

                      c487901fff5dc92f021f68a589da625a

                      SHA1

                      89d7468686174e1266d4f69b4d8f7d245b80077b

                      SHA256

                      2901e7d67f29df1910dde8f87dec98159f9da18063c798a994f36104c534fe58

                      SHA512

                      142b166adeb58c17358dcb419ac432069d947c0a6a6030850abd945cd3db7ab28eb47869a184bc262b51b7a1300a2f12091a815bb29d1bac75bde73a9f10f9d3

                      Download Submit
                    • C:\Program Files\Google\backup.exe
                      MD5

                      c487901fff5dc92f021f68a589da625a

                      SHA1

                      89d7468686174e1266d4f69b4d8f7d245b80077b

                      SHA256

                      2901e7d67f29df1910dde8f87dec98159f9da18063c798a994f36104c534fe58

                      SHA512

                      142b166adeb58c17358dcb419ac432069d947c0a6a6030850abd945cd3db7ab28eb47869a184bc262b51b7a1300a2f12091a815bb29d1bac75bde73a9f10f9d3

                      Download Submit
                    • C:\Program Files\Internet Explorer\backup.exe
                      MD5

                      658b3d032206443ef8be4e119462ae72

                      SHA1

                      067ed951a7231d280adeb9a6ec65c54b17d1fadf

                      SHA256

                      b37467cfd4456b237f3c1a959ee79b4f92a53fe7df509917d927ebff622f5efd

                      SHA512

                      53a302960dbbc2e232e27247c06f99c573dfbcb674281407d002efdc1ade394ced6717958c224ebb02af876eea5945e2d72ebf1c406f2929ff26b9e2cb2569ab

                      Download Submit
                    • C:\Program Files\Internet Explorer\backup.exe
                      MD5

                      658b3d032206443ef8be4e119462ae72

                      SHA1

                      067ed951a7231d280adeb9a6ec65c54b17d1fadf

                      SHA256

                      b37467cfd4456b237f3c1a959ee79b4f92a53fe7df509917d927ebff622f5efd

                      SHA512

                      53a302960dbbc2e232e27247c06f99c573dfbcb674281407d002efdc1ade394ced6717958c224ebb02af876eea5945e2d72ebf1c406f2929ff26b9e2cb2569ab

                      Download Submit
                    • C:\Program Files\Java\backup.exe
                      MD5

                      6214475e11eddf52845dbfa5c0f7186a

                      SHA1

                      f566fcc7325c7118e060439d4dbfed764782ebff

                      SHA256

                      d77287aa3bd5314d6cb6a45dce5306bf95079c38a3c795108a07a7a49ef46456

                      SHA512

                      524cace3c3f9fcea84a925c092a4e8547864f2596d8a83d9d58a7774581bcdd84b551dea84933bca8bb36a31cb6a68268a231624958d9da5a1aaede67da034dc

                      Download Submit
                    • C:\Program Files\Java\backup.exe
                      MD5

                      6214475e11eddf52845dbfa5c0f7186a

                      SHA1

                      f566fcc7325c7118e060439d4dbfed764782ebff

                      SHA256

                      d77287aa3bd5314d6cb6a45dce5306bf95079c38a3c795108a07a7a49ef46456

                      SHA512

                      524cace3c3f9fcea84a925c092a4e8547864f2596d8a83d9d58a7774581bcdd84b551dea84933bca8bb36a31cb6a68268a231624958d9da5a1aaede67da034dc

                      Download Submit
                    • C:\Program Files\backup.exe
                      MD5

                      1e64362abcc7aa08b2449201975287a3

                      SHA1

                      177d8d2759cfe48dbff9c8a588eb1b5f8b400dde

                      SHA256

                      fcd0be54db2136c15c856011888fa647eebe80a47db4ef805f30bfa27c928fc0

                      SHA512

                      77f7edcece2ff02aa3b781a7a58b75d6d6a92e267abb6e5ad209e3e89942b7c8004f4e4248450ed0a4ddaf3a8a9d20e7b3a0b4fa17203b92e860fb5af705a515

                      Download Submit
                    • C:\Program Files\backup.exe
                      MD5

                      1e64362abcc7aa08b2449201975287a3

                      SHA1

                      177d8d2759cfe48dbff9c8a588eb1b5f8b400dde

                      SHA256

                      fcd0be54db2136c15c856011888fa647eebe80a47db4ef805f30bfa27c928fc0

                      SHA512

                      77f7edcece2ff02aa3b781a7a58b75d6d6a92e267abb6e5ad209e3e89942b7c8004f4e4248450ed0a4ddaf3a8a9d20e7b3a0b4fa17203b92e860fb5af705a515

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\275545031\backup.exe
                      MD5

                      9c96cf89e4098f05cac1e4747a4ef933

                      SHA1

                      e67ff44e03204fb6d4d76169a900bd7773a4dd57

                      SHA256

                      ddd85fa5330b7652c020391ddd31729d4dea9b608566b2d11eade4aca76504d3

                      SHA512

                      47a17ed7f8308efdacb127baf76a30d0abefaa814bcd505a7df46ff4fee02aa0930f123a38382b9e1fc90879ca74b8d59f38e7d14b274cbc019a186c493ea1f9

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\275545031\backup.exe
                      MD5

                      9c96cf89e4098f05cac1e4747a4ef933

                      SHA1

                      e67ff44e03204fb6d4d76169a900bd7773a4dd57

                      SHA256

                      ddd85fa5330b7652c020391ddd31729d4dea9b608566b2d11eade4aca76504d3

                      SHA512

                      47a17ed7f8308efdacb127baf76a30d0abefaa814bcd505a7df46ff4fee02aa0930f123a38382b9e1fc90879ca74b8d59f38e7d14b274cbc019a186c493ea1f9

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                      MD5

                      d623d12ae9d9cf2e281f40ca6182f553

                      SHA1

                      e4340bbca02b50e6f044ec09df35ef42093ee5ad

                      SHA256

                      1c328429375f9b8cf0053ac22455462c88d2d79a3c259b9ee3670136f5ee18f1

                      SHA512

                      e6fe35e7cc200a27ded381931b7d0160a62c4adc264a3569e09d2ced3a77417182fe0c45cebd83c4f3551d7ae92ff277efe0a8239973999013f76da2f78ab39a

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                      MD5

                      d623d12ae9d9cf2e281f40ca6182f553

                      SHA1

                      e4340bbca02b50e6f044ec09df35ef42093ee5ad

                      SHA256

                      1c328429375f9b8cf0053ac22455462c88d2d79a3c259b9ee3670136f5ee18f1

                      SHA512

                      e6fe35e7cc200a27ded381931b7d0160a62c4adc264a3569e09d2ced3a77417182fe0c45cebd83c4f3551d7ae92ff277efe0a8239973999013f76da2f78ab39a

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                      MD5

                      d01ad48ba683e82bb1dea2ac65862763

                      SHA1

                      d434b3f35bf806bb052e7afbb5d7e549bfcb91f6

                      SHA256

                      a4ef2197ac058567f8472af0900095b51a81076a6dddda4a8cec2434d2990005

                      SHA512

                      fcd17d7402dd1ac1d455fc13fa87413146ab9d6a91ba8ff3d2cfadbfee806e054e03045633f734dc98125a559bb91fc16de3497b6ecf749625ee5beb430567b5

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                      MD5

                      d01ad48ba683e82bb1dea2ac65862763

                      SHA1

                      d434b3f35bf806bb052e7afbb5d7e549bfcb91f6

                      SHA256

                      a4ef2197ac058567f8472af0900095b51a81076a6dddda4a8cec2434d2990005

                      SHA512

                      fcd17d7402dd1ac1d455fc13fa87413146ab9d6a91ba8ff3d2cfadbfee806e054e03045633f734dc98125a559bb91fc16de3497b6ecf749625ee5beb430567b5

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
                      MD5

                      d070b76eb0f5a71d7faabf5b9f418ab2

                      SHA1

                      6c8e9f9689ea0dd15775ea33702fbfa6c3aca375

                      SHA256

                      4eb10bd90442650d6e982030d22d5452ff09e3bc475002a72b7d2d1a386eee31

                      SHA512

                      b49c17eff1ff66791004b20d83c2eae6b92ac3dcada8ed3d46ca2e0460e509a35a6ea86fc5af86a63e2a355d3a200af5d32f22e92abee4198f0379a87e1cc70b

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
                      MD5

                      d070b76eb0f5a71d7faabf5b9f418ab2

                      SHA1

                      6c8e9f9689ea0dd15775ea33702fbfa6c3aca375

                      SHA256

                      4eb10bd90442650d6e982030d22d5452ff09e3bc475002a72b7d2d1a386eee31

                      SHA512

                      b49c17eff1ff66791004b20d83c2eae6b92ac3dcada8ed3d46ca2e0460e509a35a6ea86fc5af86a63e2a355d3a200af5d32f22e92abee4198f0379a87e1cc70b

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
                      MD5

                      125bb981bf00d8cde5e836a27630c2d7

                      SHA1

                      c7af4326ed12025a4ab549cdadb7924540ec97cb

                      SHA256

                      c9f95b53292f8e1002e101b0309728ee52d9e6a823d45a92dbc9241f326a68b4

                      SHA512

                      eb90331f687b5cb99b1466d7602edb62eb98f6fd4cdfe0cd003cd560b83e119fe5a57c08a4f991ae51bbc029b71bd14495ee70fd8823fe437ead7c9a231ebd05

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
                      MD5

                      125bb981bf00d8cde5e836a27630c2d7

                      SHA1

                      c7af4326ed12025a4ab549cdadb7924540ec97cb

                      SHA256

                      c9f95b53292f8e1002e101b0309728ee52d9e6a823d45a92dbc9241f326a68b4

                      SHA512

                      eb90331f687b5cb99b1466d7602edb62eb98f6fd4cdfe0cd003cd560b83e119fe5a57c08a4f991ae51bbc029b71bd14495ee70fd8823fe437ead7c9a231ebd05

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                      MD5

                      22f16e7a8b104cdcb2426238238ab437

                      SHA1

                      b815f6c08d34b72a1bc73b9d2dd3b6dcecc49a45

                      SHA256

                      7fad02fafba07440decc981c877103d122f2e90031f5e6080ac7dc8d5ba2c851

                      SHA512

                      e8fbf35fc75622b69a8232eb9f5b62a6d3cebf1c9fd4dc3e0673d0e392ef4113ec7bc58d6193411b8b834de0e8ae199f57e29f0b0637204ca7e09bff64086a42

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                      MD5

                      22f16e7a8b104cdcb2426238238ab437

                      SHA1

                      b815f6c08d34b72a1bc73b9d2dd3b6dcecc49a45

                      SHA256

                      7fad02fafba07440decc981c877103d122f2e90031f5e6080ac7dc8d5ba2c851

                      SHA512

                      e8fbf35fc75622b69a8232eb9f5b62a6d3cebf1c9fd4dc3e0673d0e392ef4113ec7bc58d6193411b8b834de0e8ae199f57e29f0b0637204ca7e09bff64086a42

                      Download Submit
                    • C:\Users\Admin\backup.exe
                      MD5

                      8e2a3c4c2dba145ffe8e9bb2c1a96ee1

                      SHA1

                      67f25cdff2cf720154256738e479feda8393e1bf

                      SHA256

                      65eb136e97e1aa32e38f920ba0cde87075fb927c3d584a9816037b7e48fecde4

                      SHA512

                      708d3769e6f158c8b66760e1076ed026ea127a19ba317c957432ef1f16f2dc9275e301c780691a3a024da86127511a3d70f520fe025b6dc420dadaab66407801

                      Download Submit
                    • C:\Users\Admin\backup.exe
                      MD5

                      8e2a3c4c2dba145ffe8e9bb2c1a96ee1

                      SHA1

                      67f25cdff2cf720154256738e479feda8393e1bf

                      SHA256

                      65eb136e97e1aa32e38f920ba0cde87075fb927c3d584a9816037b7e48fecde4

                      SHA512

                      708d3769e6f158c8b66760e1076ed026ea127a19ba317c957432ef1f16f2dc9275e301c780691a3a024da86127511a3d70f520fe025b6dc420dadaab66407801

                      Download Submit
                    • C:\Users\Public\backup.exe
                      MD5

                      adb9d46de01611538b38b0e633d15365

                      SHA1

                      56262e2c1359c76ac3381dd9973dda37d4d504ae

                      SHA256

                      fb50f78e6ac9a985dede98f04702bc6e86a22c0d69a121924b424dfc1e2315e3

                      SHA512

                      198f67879380d0eb0e17d33a5cc97106cd11c51112a29307996aa014c5c476c6d838c30ae0f26f642d15e64a39d1e3761fe1fca3c2c592eedd9709fe89c9eff0

                      Download Submit
                    • C:\Users\Public\backup.exe
                      MD5

                      adb9d46de01611538b38b0e633d15365

                      SHA1

                      56262e2c1359c76ac3381dd9973dda37d4d504ae

                      SHA256

                      fb50f78e6ac9a985dede98f04702bc6e86a22c0d69a121924b424dfc1e2315e3

                      SHA512

                      198f67879380d0eb0e17d33a5cc97106cd11c51112a29307996aa014c5c476c6d838c30ae0f26f642d15e64a39d1e3761fe1fca3c2c592eedd9709fe89c9eff0

                      Download Submit
                    • C:\Users\backup.exe
                      MD5

                      28344a5aaf66cbab3e31eef8252d6ee5

                      SHA1

                      c49c75e29e1ed4507bdf0e2c3ac598f2237110d3

                      SHA256

                      3dd551b9006863289d12a421df8b54ff95458cc74d80e603ef9f641cbe47cc9d

                      SHA512

                      b14b568cbac6e09d1a7679ace957b8d33d7d4b1a5c83426c7daef6c9479b35295fea4bebd784a11904858f8e547beef1aab21107b9eac164490a898e0c5e3aeb

                      Download Submit
                    • C:\Users\backup.exe
                      MD5

                      28344a5aaf66cbab3e31eef8252d6ee5

                      SHA1

                      c49c75e29e1ed4507bdf0e2c3ac598f2237110d3

                      SHA256

                      3dd551b9006863289d12a421df8b54ff95458cc74d80e603ef9f641cbe47cc9d

                      SHA512

                      b14b568cbac6e09d1a7679ace957b8d33d7d4b1a5c83426c7daef6c9479b35295fea4bebd784a11904858f8e547beef1aab21107b9eac164490a898e0c5e3aeb

                      Download Submit
                    • C:\Windows\backup.exe
                      MD5

                      45a1109ec092ce7e1707fbb589a5fd4c

                      SHA1

                      5da180552056af631c5724c6e48ed9a4c640ba4e

                      SHA256

                      34c05ce3fd12f2f450903651e474f0759aa81a755c90a3b99d1ea7c380563abf

                      SHA512

                      83916b0296eb4492a6361c77edf554c56842ea599a616e99c9d3d6016982c81a75f988881a02b7140b87e12017fc877c5e9aab9b27b56a943881725d42aa9dfa

                      Download Submit
                    • C:\Windows\backup.exe
                      MD5

                      45a1109ec092ce7e1707fbb589a5fd4c

                      SHA1

                      5da180552056af631c5724c6e48ed9a4c640ba4e

                      SHA256

                      34c05ce3fd12f2f450903651e474f0759aa81a755c90a3b99d1ea7c380563abf

                      SHA512

                      83916b0296eb4492a6361c77edf554c56842ea599a616e99c9d3d6016982c81a75f988881a02b7140b87e12017fc877c5e9aab9b27b56a943881725d42aa9dfa

                      Download Submit
                    • C:\backup.exe
                      MD5

                      6e148dc0a955f667bd563998548c8ce3

                      SHA1

                      2aa376963f305e445b8d52be26de53e6df281e3c

                      SHA256

                      49d11901c9ee52529e810d63707a18a3b1bf3e968569af6bc6857814d5de1d69

                      SHA512

                      963005fdead2dbd0716a566cfa1726660894a353f8cca05960db5ad4e5de5f8749cbf368aa799bb566bd2c3563e37ccc0e95518ba9c1cfbbb6d5682db9e97a34

                      Download Submit
                    • C:\backup.exe
                      MD5

                      6e148dc0a955f667bd563998548c8ce3

                      SHA1

                      2aa376963f305e445b8d52be26de53e6df281e3c

                      SHA256

                      49d11901c9ee52529e810d63707a18a3b1bf3e968569af6bc6857814d5de1d69

                      SHA512

                      963005fdead2dbd0716a566cfa1726660894a353f8cca05960db5ad4e5de5f8749cbf368aa799bb566bd2c3563e37ccc0e95518ba9c1cfbbb6d5682db9e97a34

                      Download Submit
                    • C:\odt\backup.exe
                      MD5

                      1197e9f0fc37c9407a0fc19e6907eedc

                      SHA1

                      bf476d34805a20852438203201c6016ade6e08fa

                      SHA256

                      60058da12782ab2f460e4601caaf885c996fdd8163ca2ad149928c8088833059

                      SHA512

                      3c8894101ec4425166d28a255da3713c33d21d50d7c26489ca375f844bf756f415fa18e1f15ec9436a3c13609597d7b9f1ddc94adea7ca7be63018d79f62a015

                      Download Submit
                    • C:\odt\backup.exe
                      MD5

                      1197e9f0fc37c9407a0fc19e6907eedc

                      SHA1

                      bf476d34805a20852438203201c6016ade6e08fa

                      SHA256

                      60058da12782ab2f460e4601caaf885c996fdd8163ca2ad149928c8088833059

                      SHA512

                      3c8894101ec4425166d28a255da3713c33d21d50d7c26489ca375f844bf756f415fa18e1f15ec9436a3c13609597d7b9f1ddc94adea7ca7be63018d79f62a015

                      Download Submit
                    • memory/1588-247-0x0000000000000000-mapping.dmp
                      Download
                    • memory/1596-256-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2020-129-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2020-147-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/2020-159-0x0000000004860000-0x0000000004861000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2020-156-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/2020-160-0x0000000004870000-0x0000000004871000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-152-0x0000000004D80000-0x0000000004D81000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-163-0x0000000004D90000-0x0000000004D91000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-164-0x0000000004E00000-0x0000000004E01000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-162-0x0000000004DD0000-0x0000000004DD2000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/2284-161-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/2284-166-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-165-0x0000000004DB0000-0x0000000004DB1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-167-0x0000000004E10000-0x0000000004E11000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-154-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-153-0x0000000004D60000-0x0000000004D61000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2284-149-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/2284-140-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2324-182-0x0000000004D90000-0x0000000004D91000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-183-0x0000000004E10000-0x0000000004E11000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-181-0x0000000004DE0000-0x0000000004DE2000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/2324-176-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/2324-185-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-169-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/2324-189-0x0000000004E00000-0x0000000004E01000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-155-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2324-184-0x0000000004DC0000-0x0000000004DC1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-178-0x0000000004D80000-0x0000000004D81000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2324-180-0x0000000004D60000-0x0000000004D61000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2548-244-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2712-259-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2772-211-0x0000000000000000-mapping.dmp
                      Download
                    • memory/3164-283-0x0000000000000000-mapping.dmp
                      Download
                    • memory/3392-146-0x0000000004890000-0x0000000004891000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-135-0x00000000048C0000-0x00000000048C2000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/3392-132-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/3392-133-0x0000000004870000-0x0000000004871000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-134-0x0000000004850000-0x0000000004851000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-136-0x0000000004880000-0x0000000004881000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-137-0x0000000004E00000-0x0000000004E01000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-139-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-145-0x0000000004E10000-0x0000000004E11000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-144-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-138-0x00000000048B0000-0x00000000048B1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-143-0x00000000048A0000-0x00000000048A1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3392-128-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/3392-117-0x0000000000000000-mapping.dmp
                      Download
                    • memory/3424-191-0x0000000004DB0000-0x0000000004DB1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-186-0x0000000004D60000-0x0000000004D61000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-187-0x0000000004DD0000-0x0000000004DD2000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/3424-188-0x0000000004D80000-0x0000000004D81000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-168-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/3424-190-0x0000000004E00000-0x0000000004E01000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-192-0x0000000004DE0000-0x0000000004DE1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-177-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/3424-193-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3424-148-0x0000000000000000-mapping.dmp
                      Download
                    • memory/3424-179-0x0000000004D70000-0x0000000004D72000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/3860-285-0x0000000000000000-mapping.dmp
                      Download
                    • memory/3952-241-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4024-123-0x0000000004A40000-0x0000000004A41000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-120-0x0000000004980000-0x0000000004981000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-124-0x0000000004A20000-0x0000000004A21000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-126-0x0000000004A50000-0x0000000004A51000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-125-0x0000000004A30000-0x0000000004A31000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-127-0x00000000049C0000-0x00000000049C1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-121-0x0000000004A00000-0x0000000004A02000-memory.dmp
                      Filesize

                      8KB

                      Download
                    • memory/4024-116-0x00000000049A0000-0x00000000049A1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-122-0x00000000049B0000-0x00000000049B1000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4024-115-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/4024-114-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/4164-217-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4208-284-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4232-214-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4280-250-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4328-199-0x0000000004870000-0x0000000004871000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4328-170-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4328-196-0x0000000000400000-0x00000000008B8000-memory.dmp
                      Filesize

                      4.7MB

                      Download
                    • memory/4328-197-0x0000000004860000-0x0000000004861000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/4328-195-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/4340-194-0x0000000076E80000-0x000000007700E000-memory.dmp
                      Filesize

                      1.6MB

                      Download
                    • memory/4340-171-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4372-238-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4404-220-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4456-226-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4460-279-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4488-229-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4552-253-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4556-223-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4616-280-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4628-281-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4684-198-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4720-202-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4796-282-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4820-232-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4832-233-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4952-205-0x0000000000000000-mapping.dmp
                      Download
                    • memory/4972-208-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5148-262-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5176-265-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5500-268-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5620-271-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5656-274-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5668-275-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5888-276-0x0000000000000000-mapping.dmp
                      Download
                    • memory/5908-277-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6124-278-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6156-286-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6284-287-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6500-288-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6512-289-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6528-290-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6564-291-0x0000000000000000-mapping.dmp
                      Download
                    • memory/6580-292-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7004-293-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7032-294-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7044-295-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7076-296-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7340-297-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7352-298-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7420-299-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7592-300-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7604-301-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7668-302-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7776-303-0x0000000000000000-mapping.dmp
                      Download
                    • memory/7956-304-0x0000000000000000-mapping.dmp
                      Download
                    • memory/8008-305-0x0000000000000000-mapping.dmp
                      Download