Analysis
-
max time kernel
140s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 15:55
General
-
Target
78f2dc8dc698a04a5316f9f43de8ea854fb43438b423acd3066ee995a14f7379.exe
-
Size
72KB
-
MD5
4f47859e39538644657b324fd42a4d38
-
SHA1
d218fc279b0609760bedfaee28aff17f03a7c363
-
SHA256
78f2dc8dc698a04a5316f9f43de8ea854fb43438b423acd3066ee995a14f7379
-
SHA512
9b89a2720073c4cf8db588c8364e2072f628f274e44954775e7baced4ee3cea741403a65843c0c209e662de4fc8c1d5832d5da4b7960f51541b2125e8c52258c
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2v:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrj
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78f2dc8dc698a04a5316f9f43de8ea854fb43438b423acd3066ee995a14f7379.exe"C:\Users\Admin\AppData\Local\Temp\78f2dc8dc698a04a5316f9f43de8ea854fb43438b423acd3066ee995a14f7379.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2213225376\backup.exeC:\Users\Admin\AppData\Local\Temp\2213225376\backup.exe C:\Users\Admin\AppData\Local\Temp\2213225376\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\data.exe"C:\Program Files\Common Files\System\ado\data.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\msadc\ja-JP\update.exe"C:\Program Files\Common Files\System\msadc\ja-JP\update.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\es-ES\update.exe"C:\Program Files\DVD Maker\es-ES\update.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Java\data.exe"C:\Program Files\Java\data.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Desktop\update.exeC:\Users\Admin\Desktop\update.exe C:\Users\Admin\Desktop\6⤵
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
C:\Users\Public\data.exeC:\Users\Public\data.exe C:\Users\Public\5⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\Admin\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
C:\PerfLogs\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
C:\PerfLogs\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5a2d93aa27a0753bcff0c4faee7933630
SHA169b400cf4f8027ce3f0e60ce32001e1320b1448d
SHA2567b0e1c0ccac247061b45ae2eee9376d4229302e902c5e10ae89cfc40390d91ff
SHA512ce8af7fa6e43c72c38dd67bf7124e4ed1e38840f5d5f2fd43d883492dda1a454eea4e3484abcfbb8e876a07eff28b36d01a5e068ef7512c44a821c6ee9615b6b
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5c5cfaee490ff1d5de68929f242c2492c
SHA1aff20b1c70a7edd4194c0a83ca74891bc94f387a
SHA256e5fa51d6bece972057af04637320bc118d1f01852feac22a314438625aae0ce3
SHA512c1d80f7ce389181bbea0204e8d5ec409fdeddd8be1091ee6012210340f764a33957e58a0b31e4af198747255d0b5a807fedf3c3d9e38a6267d50176e98a5479d
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5c5cfaee490ff1d5de68929f242c2492c
SHA1aff20b1c70a7edd4194c0a83ca74891bc94f387a
SHA256e5fa51d6bece972057af04637320bc118d1f01852feac22a314438625aae0ce3
SHA512c1d80f7ce389181bbea0204e8d5ec409fdeddd8be1091ee6012210340f764a33957e58a0b31e4af198747255d0b5a807fedf3c3d9e38a6267d50176e98a5479d
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5a17b18e3dd2a25c51c5cb93cde8e274c
SHA1e0679becaf62c87bf49e53f1d42a542700314c86
SHA256b835b25bfeefe624236ed867d5fa20a0a617e34a710aeabfff6b627305af58b7
SHA512dd69b7ab5406f070d572e083aca8026b62e295350a7c58d7a602976abc22b67f76e9ccf993b4327a00a4c5d54a0f71572ab2c398075cd6c685f46bb9e8139f50
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5a17b18e3dd2a25c51c5cb93cde8e274c
SHA1e0679becaf62c87bf49e53f1d42a542700314c86
SHA256b835b25bfeefe624236ed867d5fa20a0a617e34a710aeabfff6b627305af58b7
SHA512dd69b7ab5406f070d572e083aca8026b62e295350a7c58d7a602976abc22b67f76e9ccf993b4327a00a4c5d54a0f71572ab2c398075cd6c685f46bb9e8139f50
-
C:\Program Files\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
C:\Program Files\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
C:\Users\Admin\AppData\Local\Temp\2213225376\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\2213225376\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
C:\backup.exeFilesize
72KB
MD5777261fadff4f58320479ad325b27d86
SHA1054c20081798542363109d71ae6c11a5c3c546f3
SHA2565d843e49130b87393c069e3a1a92686b84b22027df3a71fe394ff581a73149d4
SHA51262dc0e12f469395eb3af6b0a458e9656ae373d56f9b4335c2be8ec7a485e328a06e36e3f8c1b117e9f6f614caa2a64ae8625b9880d21761876d49e6db1dd3241
-
C:\backup.exeFilesize
72KB
MD5777261fadff4f58320479ad325b27d86
SHA1054c20081798542363109d71ae6c11a5c3c546f3
SHA2565d843e49130b87393c069e3a1a92686b84b22027df3a71fe394ff581a73149d4
SHA51262dc0e12f469395eb3af6b0a458e9656ae373d56f9b4335c2be8ec7a485e328a06e36e3f8c1b117e9f6f614caa2a64ae8625b9880d21761876d49e6db1dd3241
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
\PerfLogs\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
\PerfLogs\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5a2d93aa27a0753bcff0c4faee7933630
SHA169b400cf4f8027ce3f0e60ce32001e1320b1448d
SHA2567b0e1c0ccac247061b45ae2eee9376d4229302e902c5e10ae89cfc40390d91ff
SHA512ce8af7fa6e43c72c38dd67bf7124e4ed1e38840f5d5f2fd43d883492dda1a454eea4e3484abcfbb8e876a07eff28b36d01a5e068ef7512c44a821c6ee9615b6b
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5a2d93aa27a0753bcff0c4faee7933630
SHA169b400cf4f8027ce3f0e60ce32001e1320b1448d
SHA2567b0e1c0ccac247061b45ae2eee9376d4229302e902c5e10ae89cfc40390d91ff
SHA512ce8af7fa6e43c72c38dd67bf7124e4ed1e38840f5d5f2fd43d883492dda1a454eea4e3484abcfbb8e876a07eff28b36d01a5e068ef7512c44a821c6ee9615b6b
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD51cf52d15b75101042837896787f2f006
SHA1df7927d902768c677d69ded8dffe10e9173bf257
SHA256ac1df53a7119d09cc9016e8f5726f98f94def1400271f9871f8fb6865b98d5bc
SHA51245e3fee4fcc187578a266778c8bf85c86c85e9b160c68480798ed8982fbe02845ef8376cf730974b551320c017c12be1d89805a205ef28341acbf50f6a406053
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5c5cfaee490ff1d5de68929f242c2492c
SHA1aff20b1c70a7edd4194c0a83ca74891bc94f387a
SHA256e5fa51d6bece972057af04637320bc118d1f01852feac22a314438625aae0ce3
SHA512c1d80f7ce389181bbea0204e8d5ec409fdeddd8be1091ee6012210340f764a33957e58a0b31e4af198747255d0b5a807fedf3c3d9e38a6267d50176e98a5479d
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5c5cfaee490ff1d5de68929f242c2492c
SHA1aff20b1c70a7edd4194c0a83ca74891bc94f387a
SHA256e5fa51d6bece972057af04637320bc118d1f01852feac22a314438625aae0ce3
SHA512c1d80f7ce389181bbea0204e8d5ec409fdeddd8be1091ee6012210340f764a33957e58a0b31e4af198747255d0b5a807fedf3c3d9e38a6267d50176e98a5479d
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD52202d07b347263cfc7d006727e656c09
SHA1ebaf9121909be3b68e7c91614429f1590bf326b8
SHA2569bb87d643e5399d4089f0476b45e111ce352c3bd9324ebd3f3f578d15b8ec720
SHA5127b1c341e40f70f9afa27720a47fdb27285c389753cf02a28a3497ba40f0ce1f322f0847afde9780d4e22a4ae03edc279d57681a8796887b887e98a23a93f5a7b
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exeFilesize
72KB
MD5f334c1101bd52809d86fddc4127fbd2c
SHA18a9770ddcafaaf09b8824bbc4ae073bb98d2ad8c
SHA256f3f2ba48352783211d4ddb7093f2b211411c076750fcd74e43fd894826c327e7
SHA51285d306f73409608369807018f2df39508a9caf18223d1a0208689114f4670a4b52e5e5240e8dbb17c22708d7d6c5f512ff483f981d998382af5e8e30b9d9c66f
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5a17b18e3dd2a25c51c5cb93cde8e274c
SHA1e0679becaf62c87bf49e53f1d42a542700314c86
SHA256b835b25bfeefe624236ed867d5fa20a0a617e34a710aeabfff6b627305af58b7
SHA512dd69b7ab5406f070d572e083aca8026b62e295350a7c58d7a602976abc22b67f76e9ccf993b4327a00a4c5d54a0f71572ab2c398075cd6c685f46bb9e8139f50
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5a17b18e3dd2a25c51c5cb93cde8e274c
SHA1e0679becaf62c87bf49e53f1d42a542700314c86
SHA256b835b25bfeefe624236ed867d5fa20a0a617e34a710aeabfff6b627305af58b7
SHA512dd69b7ab5406f070d572e083aca8026b62e295350a7c58d7a602976abc22b67f76e9ccf993b4327a00a4c5d54a0f71572ab2c398075cd6c685f46bb9e8139f50
-
\Program Files\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
\Program Files\backup.exeFilesize
72KB
MD58bc50fb74114781a7c75c25635de17fa
SHA1e796e56fb1f18361cef532649e1bd3190f8b99f0
SHA2565c5ea83a7363a098f1c7b2f285e6afe7bc6b472cf0e14f1224546a6cbe657a69
SHA51218c81740999be5be5e670a31560b7bf014deda8134b78c59aea6058011e8c8a018640bc92df36475facd9121bed87b5041ff5796352254d1a57b1b550093f619
-
\Users\Admin\AppData\Local\Temp\2213225376\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\2213225376\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD545d6d862507cb06fead3634cdb036050
SHA1cfc609d018f910f08bfd9526b01d1c64e3fca8f9
SHA256f0f4934e4d4b52625b825dbf4699980acaf182245b14d730a021023855d437c5
SHA512a3e2a34f6451229df394f91989395805aed93f2d2db15d3d8f7abdc2119df9f4e7439863f6dc0e6f6e8ca9dbb80b70667e22c16b79e966185c29c9998c7059c5
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\data.exeFilesize
72KB
MD5ba328c5f0aa976117f5365f1e52252bb
SHA182faa0dd6d8ffe3a1a53c28456cabccb2c8fb89b
SHA2568d00a6752d1f47e5abba7ee00ca83d486e4cba35b92fc61116e955174ee850d7
SHA5123a53acc872d2b60072c75c6fb29fae0c6f6b1ac346e6fdf52072f33bb2be80263903cc1b8f079a9f99cb7abe53d0ff2b14cc46679ad57ab742412ac69753c429
-
memory/268-207-0x0000000000000000-mapping.dmp
-
memory/268-107-0x0000000000000000-mapping.dmp
-
memory/276-198-0x0000000000000000-mapping.dmp
-
memory/316-291-0x0000000000000000-mapping.dmp
-
memory/396-284-0x0000000000000000-mapping.dmp
-
memory/456-269-0x0000000000000000-mapping.dmp
-
memory/472-114-0x0000000000000000-mapping.dmp
-
memory/524-204-0x0000000000000000-mapping.dmp
-
memory/548-134-0x0000000000000000-mapping.dmp
-
memory/548-297-0x0000000000000000-mapping.dmp
-
memory/588-251-0x0000000000000000-mapping.dmp
-
memory/588-173-0x0000000000000000-mapping.dmp
-
memory/624-304-0x0000000000000000-mapping.dmp
-
memory/684-271-0x0000000000000000-mapping.dmp
-
memory/692-231-0x0000000000000000-mapping.dmp
-
memory/776-218-0x0000000000000000-mapping.dmp
-
memory/780-222-0x0000000000000000-mapping.dmp
-
memory/816-203-0x0000000000000000-mapping.dmp
-
memory/840-188-0x0000000000000000-mapping.dmp
-
memory/848-58-0x0000000000000000-mapping.dmp
-
memory/864-233-0x0000000000000000-mapping.dmp
-
memory/884-215-0x0000000000000000-mapping.dmp
-
memory/884-298-0x0000000000000000-mapping.dmp
-
memory/920-268-0x0000000000000000-mapping.dmp
-
memory/920-88-0x0000000000000000-mapping.dmp
-
memory/920-191-0x0000000000000000-mapping.dmp
-
memory/964-305-0x0000000000000000-mapping.dmp
-
memory/1056-70-0x0000000000000000-mapping.dmp
-
memory/1076-154-0x0000000000000000-mapping.dmp
-
memory/1080-147-0x0000000000000000-mapping.dmp
-
memory/1208-94-0x0000000000000000-mapping.dmp
-
memory/1220-197-0x0000000000000000-mapping.dmp
-
memory/1220-283-0x0000000000000000-mapping.dmp
-
memory/1292-248-0x0000000000000000-mapping.dmp
-
memory/1348-160-0x0000000000000000-mapping.dmp
-
memory/1364-167-0x0000000000000000-mapping.dmp
-
memory/1364-64-0x0000000000000000-mapping.dmp
-
memory/1368-140-0x0000000000000000-mapping.dmp
-
memory/1400-178-0x0000000000000000-mapping.dmp
-
memory/1432-282-0x0000000000000000-mapping.dmp
-
memory/1472-221-0x0000000000000000-mapping.dmp
-
memory/1500-227-0x0000000000000000-mapping.dmp
-
memory/1520-82-0x0000000000000000-mapping.dmp
-
memory/1520-181-0x0000000000000000-mapping.dmp
-
memory/1584-99-0x0000000000000000-mapping.dmp
-
memory/1588-127-0x0000000000000000-mapping.dmp
-
memory/1600-255-0x0000000000000000-mapping.dmp
-
memory/1604-254-0x0000000000000000-mapping.dmp
-
memory/1624-194-0x0000000000000000-mapping.dmp
-
memory/1660-296-0x0000000000000000-mapping.dmp
-
memory/1676-264-0x0000000000000000-mapping.dmp
-
memory/1700-238-0x0000000000000000-mapping.dmp
-
memory/1712-256-0x0000000000000000-mapping.dmp
-
memory/1716-230-0x0000000000000000-mapping.dmp
-
memory/1724-101-0x0000000075811000-0x0000000075813000-memory.dmpFilesize
8KB
-
memory/1724-184-0x00000000742D1000-0x00000000742D3000-memory.dmpFilesize
8KB
-
memory/1736-205-0x0000000000000000-mapping.dmp
-
memory/1740-278-0x0000000000000000-mapping.dmp
-
memory/1760-232-0x0000000000000000-mapping.dmp
-
memory/1764-76-0x0000000000000000-mapping.dmp
-
memory/1880-252-0x0000000000000000-mapping.dmp
-
memory/1900-288-0x0000000000000000-mapping.dmp
-
memory/1928-120-0x0000000000000000-mapping.dmp
-
memory/1940-244-0x0000000000000000-mapping.dmp
-
memory/1948-185-0x0000000000000000-mapping.dmp
-
memory/2020-309-0x0000000000000000-mapping.dmp