Overview

overview

10

Static

static

95a170dac0...a9.exe

windows7-x64

10

95a170dac0...a9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95a170dac0793857335f152daf75e0528cc293099984ea92e14a0b2fe9f88ba9.exe

  • Size

    72KB

  • MD5

    054be4f1bbdd73f075fe05eb69f0c154

  • SHA1

    24b0ccffe156d881f402332cb538264529402ec2

  • SHA256

    95a170dac0793857335f152daf75e0528cc293099984ea92e14a0b2fe9f88ba9

  • SHA512

    d2decfb3e25a5ad4caff48e8592252e71501bad50b5fd69b5d38cc4236637335007cf8f883784b45aaf3c203cbddacd8d368d5573e7137a0175114dd7aafb8cd

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2X:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrb

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
    evasion
  • Disables RegEdit via registry modification 64 IoCs
    evasion
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 64 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\95a170dac0793857335f152daf75e0528cc293099984ea92e14a0b2fe9f88ba9.exe
    "C:\Users\Admin\AppData\Local\Temp\95a170dac0793857335f152daf75e0528cc293099984ea92e14a0b2fe9f88ba9.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Users\Admin\AppData\Local\Temp\3212388578\backup.exe
      C:\Users\Admin\AppData\Local\Temp\3212388578\backup.exe C:\Users\Admin\AppData\Local\Temp\3212388578\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1888
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:924
        • C:\PerfLogs\backup.exe
          C:\PerfLogs\backup.exe C:\PerfLogs\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1736
          • C:\PerfLogs\Admin\backup.exe
            C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
            5⤵
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1376
        • C:\Program Files\backup.exe
          "C:\Program Files\backup.exe" C:\Program Files\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1904
          • C:\Program Files\7-Zip\backup.exe
            "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:676
            • C:\Program Files\7-Zip\Lang\backup.exe
              "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:1932
          • C:\Program Files\Common Files\backup.exe
            "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
            5⤵
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1116
            • C:\Program Files\Common Files\Microsoft Shared\update.exe
              "C:\Program Files\Common Files\Microsoft Shared\update.exe" C:\Program Files\Common Files\Microsoft Shared\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:940
              • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                PID:1968
              • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1396
                • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:1748
                • C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:972
                • C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:700
                • C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1616
                • C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\System Restore.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:896
                • C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1364
                • C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1620
                • C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1720
                • C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:272
                • C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1132
                • C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1716
                • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\data.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1996
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\
                    9⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1752
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\
                    9⤵
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1792
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\
                    9⤵
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1820
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\
                    9⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:268
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\
                    9⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1176
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\
                    9⤵
                    • Modifies visibility of file extensions in Explorer
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1288
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\
                    9⤵
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1980
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\
                    9⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1756
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\
                    9⤵
                    • Modifies visibility of file extensions in Explorer
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1384
                • C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\update.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:908
                • C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1740
                • C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1724
                • C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1172
                • C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1496
                • C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:948
                • C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1900
                • C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1632
                • C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1688
                • C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1660
                • C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1216
                • C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1376
                • C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:640
                • C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\
                  8⤵
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1340
                • C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:576
                • C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:752
                • C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:676
                • C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:484
                • C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\
                  8⤵
                  • Executes dropped EXE
                  PID:992
                • C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1016
                • C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\data.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1552
                • C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:632
                • C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1384
                • C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1424
                • C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:968
              • C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                PID:1652
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\
                  8⤵
                  • Disables RegEdit via registry modification
                  • System policy modification
                  PID:1772
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\
                  8⤵
                  • Disables RegEdit via registry modification
                  • System policy modification
                  PID:1496
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  PID:600
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  PID:980
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  PID:1624
                • C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\
                  8⤵
                  • Disables RegEdit via registry modification
                  PID:1632
              • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
                7⤵
                • System policy modification
                PID:304
                • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\
                  8⤵
                  • Disables RegEdit via registry modification
                  • System policy modification
                  PID:572
              • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\
                7⤵
                • Disables RegEdit via registry modification
                PID:1292
              • C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\
                7⤵
                • Modifies visibility of file extensions in Explorer
                PID:1736
              • C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\
                7⤵
                • Disables RegEdit via registry modification
                • Drops file in Program Files directory
                PID:688
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • System policy modification
                  PID:1572
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\
                  8⤵
                  • Disables RegEdit via registry modification
                  • System policy modification
                  PID:836
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\
                  8⤵
                  • System policy modification
                  PID:1204
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  PID:1552
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  PID:1492
                • C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\
                  8⤵
                    PID:1616
                • C:\Program Files\Common Files\Microsoft Shared\Triedit\System Restore.exe
                  "C:\Program Files\Common Files\Microsoft Shared\Triedit\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\
                  7⤵
                  • Drops file in Program Files directory
                  PID:1592
                  • C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\
                    8⤵
                      PID:1132
                    • C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe
                      "C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\
                      8⤵
                        PID:1340
                      • C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe
                        "C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\
                        8⤵
                        • System policy modification
                        PID:676
                      • C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\data.exe
                        "C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\
                        8⤵
                        • Disables RegEdit via registry modification
                        PID:556
                      • C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\System Restore.exe
                        "C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\
                        8⤵
                        • Disables RegEdit via registry modification
                        • System policy modification
                        PID:960
                      • C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe
                        "C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\
                        8⤵
                          PID:896
                      • C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe
                        "C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\
                        7⤵
                        • Modifies visibility of file extensions in Explorer
                        • System policy modification
                        PID:1288
                      • C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe
                        "C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\
                        7⤵
                        • Modifies visibility of file extensions in Explorer
                        PID:1712
                      • C:\Program Files\Common Files\Microsoft Shared\VSTO\update.exe
                        "C:\Program Files\Common Files\Microsoft Shared\VSTO\update.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\
                        7⤵
                        • Modifies visibility of file extensions in Explorer
                        • Drops file in Program Files directory
                        • System policy modification
                        PID:904
                        • C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe
                          "C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\
                          8⤵
                          • Modifies visibility of file extensions in Explorer
                          • Drops file in Program Files directory
                          PID:1884
                          • C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe
                            "C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\
                            9⤵
                              PID:1440
                      • C:\Program Files\Common Files\Services\backup.exe
                        "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
                        6⤵
                        • Modifies visibility of file extensions in Explorer
                        • Disables RegEdit via registry modification
                        PID:1360
                      • C:\Program Files\Common Files\SpeechEngines\backup.exe
                        "C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
                        6⤵
                        • Modifies visibility of file extensions in Explorer
                        • Drops file in Program Files directory
                        PID:1336
                        • C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe
                          "C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\
                          7⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          PID:1708
                      • C:\Program Files\Common Files\System\backup.exe
                        "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
                        6⤵
                          PID:600
                      • C:\Program Files\DVD Maker\backup.exe
                        "C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
                        5⤵
                        • Modifies visibility of file extensions in Explorer
                        • Disables RegEdit via registry modification
                        PID:992
                        • C:\Program Files\DVD Maker\de-DE\backup.exe
                          "C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\
                          6⤵
                          • Modifies visibility of file extensions in Explorer
                          PID:1692
                        • C:\Program Files\DVD Maker\en-US\backup.exe
                          "C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\
                          6⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          PID:1748
                        • C:\Program Files\DVD Maker\es-ES\backup.exe
                          "C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\
                          6⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          PID:1880
                        • C:\Program Files\DVD Maker\fr-FR\backup.exe
                          "C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\
                          6⤵
                            PID:848
                          • C:\Program Files\DVD Maker\it-IT\backup.exe
                            "C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\
                            6⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:1632
                          • C:\Program Files\DVD Maker\ja-JP\backup.exe
                            "C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\
                            6⤵
                            • Modifies visibility of file extensions in Explorer
                            PID:1660
                          • C:\Program Files\DVD Maker\Shared\backup.exe
                            "C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\
                            6⤵
                              PID:1292
                              • C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe
                                "C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\
                                7⤵
                                • Modifies visibility of file extensions in Explorer
                                • Disables RegEdit via registry modification
                                • Drops file in Program Files directory
                                • System policy modification
                                PID:1564
                                • C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe
                                  "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\
                                  8⤵
                                    PID:756
                                  • C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe
                                    "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\
                                    8⤵
                                      PID:1168
                                    • C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe
                                      "C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\
                                      8⤵
                                      • System policy modification
                                      PID:1964
                                    • C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe
                                      "C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\
                                      8⤵
                                      • System policy modification
                                      PID:556
                                    • C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe
                                      "C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\
                                      8⤵
                                      • Modifies visibility of file extensions in Explorer
                                      PID:992
                                    • C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe
                                      "C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\
                                      8⤵
                                        PID:768
                                      • C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe
                                        "C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\
                                        8⤵
                                          PID:1044
                                        • C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe
                                          "C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\
                                          8⤵
                                            PID:1792
                                          • C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe
                                            "C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\
                                            8⤵
                                            • System policy modification
                                            PID:1660
                                          • C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe
                                            "C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\
                                            8⤵
                                              PID:1588
                                      • C:\Program Files\Google\backup.exe
                                        "C:\Program Files\Google\backup.exe" C:\Program Files\Google\
                                        5⤵
                                        • Modifies visibility of file extensions in Explorer
                                        • Disables RegEdit via registry modification
                                        • System policy modification
                                        PID:1988
                                        • C:\Program Files\Google\Chrome\backup.exe
                                          "C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\
                                          6⤵
                                          • System policy modification
                                          PID:1492
                                          • C:\Program Files\Google\Chrome\Application\backup.exe
                                            "C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\
                                            7⤵
                                            • Modifies visibility of file extensions in Explorer
                                            • Disables RegEdit via registry modification
                                            PID:864
                                            • C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe
                                              "C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\
                                              8⤵
                                              • Modifies visibility of file extensions in Explorer
                                              • Disables RegEdit via registry modification
                                              • Drops file in Program Files directory
                                              PID:1648
                                              • C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe
                                                "C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\
                                                9⤵
                                                • Disables RegEdit via registry modification
                                                PID:1292
                                              • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe
                                                "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\
                                                9⤵
                                                  PID:2020
                                                • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe
                                                  "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\
                                                  9⤵
                                                    PID:960
                                                  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe
                                                    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\
                                                    9⤵
                                                      PID:676
                                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe
                                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\
                                                      9⤵
                                                        PID:1224
                                                      • C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe
                                                        "C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\
                                                        9⤵
                                                          PID:2012
                                                        • C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\update.exe
                                                          "C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\
                                                          9⤵
                                                            PID:1344
                                                          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe
                                                            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\
                                                            9⤵
                                                              PID:1312
                                                          • C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe
                                                            "C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\
                                                            8⤵
                                                              PID:1640
                                                            • C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe
                                                              "C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\
                                                              8⤵
                                                                PID:1652
                                                        • C:\Program Files\Internet Explorer\backup.exe
                                                          "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
                                                          5⤵
                                                            PID:1768
                                                            • C:\Program Files\Internet Explorer\de-DE\backup.exe
                                                              "C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\
                                                              6⤵
                                                                PID:780
                                                              • C:\Program Files\Internet Explorer\en-US\backup.exe
                                                                "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
                                                                6⤵
                                                                  PID:1180
                                                                • C:\Program Files\Internet Explorer\es-ES\backup.exe
                                                                  "C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\
                                                                  6⤵
                                                                    PID:1448
                                                                • C:\Program Files\Java\backup.exe
                                                                  "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
                                                                  5⤵
                                                                    PID:1660
                                                                    • C:\Program Files\Java\jdk1.7.0_80\backup.exe
                                                                      "C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\
                                                                      6⤵
                                                                        PID:700
                                                                      • C:\Program Files\Java\jre7\backup.exe
                                                                        "C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\
                                                                        6⤵
                                                                          PID:1988
                                                                      • C:\Program Files\Microsoft Games\backup.exe
                                                                        "C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\
                                                                        5⤵
                                                                          PID:908
                                                                          • C:\Program Files\Microsoft Games\Chess\data.exe
                                                                            "C:\Program Files\Microsoft Games\Chess\data.exe" C:\Program Files\Microsoft Games\Chess\
                                                                            6⤵
                                                                              PID:1964
                                                                            • C:\Program Files\Microsoft Games\FreeCell\backup.exe
                                                                              "C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\
                                                                              6⤵
                                                                                PID:364
                                                                              • C:\Program Files\Microsoft Games\Hearts\backup.exe
                                                                                "C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\
                                                                                6⤵
                                                                                  PID:1320
                                                                              • C:\Program Files\Microsoft Office\backup.exe
                                                                                "C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\
                                                                                5⤵
                                                                                  PID:844
                                                                                  • C:\Program Files\Microsoft Office\Office14\backup.exe
                                                                                    "C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\
                                                                                    6⤵
                                                                                      PID:1568
                                                                                  • C:\Program Files\Mozilla Firefox\update.exe
                                                                                    "C:\Program Files\Mozilla Firefox\update.exe" C:\Program Files\Mozilla Firefox\
                                                                                    5⤵
                                                                                      PID:756
                                                                                      • C:\Program Files\Mozilla Firefox\browser\backup.exe
                                                                                        "C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\
                                                                                        6⤵
                                                                                          PID:240
                                                                                      • C:\Program Files\MSBuild\update.exe
                                                                                        "C:\Program Files\MSBuild\update.exe" C:\Program Files\MSBuild\
                                                                                        5⤵
                                                                                          PID:1132
                                                                                        • C:\Program Files\Reference Assemblies\update.exe
                                                                                          "C:\Program Files\Reference Assemblies\update.exe" C:\Program Files\Reference Assemblies\
                                                                                          5⤵
                                                                                            PID:904
                                                                                        • C:\Program Files (x86)\backup.exe
                                                                                          "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
                                                                                          4⤵
                                                                                          • Drops file in Program Files directory
                                                                                          PID:640
                                                                                          • C:\Program Files (x86)\Adobe\backup.exe
                                                                                            "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
                                                                                            5⤵
                                                                                            • Drops file in Program Files directory
                                                                                            PID:1792
                                                                                            • C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe
                                                                                              "C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
                                                                                              6⤵
                                                                                              • Drops file in Program Files directory
                                                                                              • System policy modification
                                                                                              PID:1820
                                                                                              • C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe
                                                                                                "C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\
                                                                                                7⤵
                                                                                                • System policy modification
                                                                                                PID:240
                                                                                              • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe
                                                                                                "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
                                                                                                7⤵
                                                                                                • Modifies visibility of file extensions in Explorer
                                                                                                • Drops file in Program Files directory
                                                                                                PID:1404
                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe
                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\
                                                                                                  8⤵
                                                                                                  • Modifies visibility of file extensions in Explorer
                                                                                                  PID:1980
                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe
                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\
                                                                                                  8⤵
                                                                                                  • Modifies visibility of file extensions in Explorer
                                                                                                  PID:2024
                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe
                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\
                                                                                                  8⤵
                                                                                                  • Modifies visibility of file extensions in Explorer
                                                                                                  PID:1144
                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe
                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\
                                                                                                  8⤵
                                                                                                    PID:896
                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe
                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\
                                                                                                      9⤵
                                                                                                      • Disables RegEdit via registry modification
                                                                                                      PID:1620
                                                                                                  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe
                                                                                                    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\
                                                                                                    8⤵
                                                                                                      PID:1528
                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe
                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\
                                                                                                      8⤵
                                                                                                      • Disables RegEdit via registry modification
                                                                                                      • Drops file in Program Files directory
                                                                                                      • System policy modification
                                                                                                      PID:1532
                                                                                                      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe
                                                                                                        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\
                                                                                                        9⤵
                                                                                                        • Disables RegEdit via registry modification
                                                                                                        PID:1388
                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\System Restore.exe
                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\
                                                                                                      8⤵
                                                                                                      • Modifies visibility of file extensions in Explorer
                                                                                                      • Disables RegEdit via registry modification
                                                                                                      PID:1640
                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe
                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\
                                                                                                      8⤵
                                                                                                      • Disables RegEdit via registry modification
                                                                                                      • Drops file in Program Files directory
                                                                                                      PID:1644
                                                                                                      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe
                                                                                                        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\
                                                                                                        9⤵
                                                                                                        • Modifies visibility of file extensions in Explorer
                                                                                                        • Drops file in Program Files directory
                                                                                                        PID:1764
                                                                                                        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe
                                                                                                          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\
                                                                                                          10⤵
                                                                                                          • Disables RegEdit via registry modification
                                                                                                          PID:1588
                                                                                                      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe
                                                                                                        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\
                                                                                                        9⤵
                                                                                                          PID:1880
                                                                                                        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe
                                                                                                          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\
                                                                                                          9⤵
                                                                                                            PID:544
                                                                                                            • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe
                                                                                                              "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\
                                                                                                              10⤵
                                                                                                                PID:1492
                                                                                                            • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe
                                                                                                              "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\
                                                                                                              9⤵
                                                                                                                PID:1980
                                                                                                            • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\update.exe
                                                                                                              "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\
                                                                                                              8⤵
                                                                                                              • Modifies visibility of file extensions in Explorer
                                                                                                              • System policy modification
                                                                                                              PID:972
                                                                                                              • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\update.exe
                                                                                                                "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\
                                                                                                                9⤵
                                                                                                                  PID:1884
                                                                                                              • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\data.exe
                                                                                                                "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\
                                                                                                                8⤵
                                                                                                                  PID:1912
                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe
                                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\
                                                                                                                  8⤵
                                                                                                                    PID:940
                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe
                                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\
                                                                                                                  7⤵
                                                                                                                  • Modifies visibility of file extensions in Explorer
                                                                                                                  • Drops file in Program Files directory
                                                                                                                  • System policy modification
                                                                                                                  PID:1312
                                                                                                                  • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe
                                                                                                                    "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\
                                                                                                                    8⤵
                                                                                                                    • Modifies visibility of file extensions in Explorer
                                                                                                                    PID:1536
                                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe
                                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\
                                                                                                                      9⤵
                                                                                                                        PID:1448
                                                                                                                    • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe
                                                                                                                      "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\
                                                                                                                      8⤵
                                                                                                                        PID:1384
                                                                                                                      • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe
                                                                                                                        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\
                                                                                                                        8⤵
                                                                                                                          PID:1920
                                                                                                                          • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe
                                                                                                                            "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\
                                                                                                                            9⤵
                                                                                                                              PID:1548
                                                                                                                            • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe
                                                                                                                              "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\
                                                                                                                              9⤵
                                                                                                                                PID:1348
                                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe
                                                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\
                                                                                                                                  10⤵
                                                                                                                                    PID:1916
                                                                                                                              • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\System Restore.exe
                                                                                                                                "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\
                                                                                                                                8⤵
                                                                                                                                  PID:1984
                                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe
                                                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\
                                                                                                                                  8⤵
                                                                                                                                    PID:1360
                                                                                                                                • C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe
                                                                                                                                  "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\
                                                                                                                                  7⤵
                                                                                                                                    PID:2024
                                                                                                                              • C:\Program Files (x86)\Common Files\backup.exe
                                                                                                                                "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
                                                                                                                                5⤵
                                                                                                                                • Disables RegEdit via registry modification
                                                                                                                                • Drops file in Program Files directory
                                                                                                                                • System policy modification
                                                                                                                                PID:632
                                                                                                                                • C:\Program Files (x86)\Common Files\Adobe\backup.exe
                                                                                                                                  "C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\
                                                                                                                                  6⤵
                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                  PID:968
                                                                                                                                  • C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe
                                                                                                                                    "C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\
                                                                                                                                    7⤵
                                                                                                                                    • Modifies visibility of file extensions in Explorer
                                                                                                                                    PID:1632
                                                                                                                                  • C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe
                                                                                                                                    "C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\
                                                                                                                                    7⤵
                                                                                                                                      PID:316
                                                                                                                                    • C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe
                                                                                                                                      "C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\
                                                                                                                                      7⤵
                                                                                                                                        PID:1512
                                                                                                                                    • C:\Program Files (x86)\Common Files\Adobe AIR\update.exe
                                                                                                                                      "C:\Program Files (x86)\Common Files\Adobe AIR\update.exe" C:\Program Files (x86)\Common Files\Adobe AIR\
                                                                                                                                      6⤵
                                                                                                                                        PID:1340
                                                                                                                                      • C:\Program Files (x86)\Common Files\DESIGNER\backup.exe
                                                                                                                                        "C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\
                                                                                                                                        6⤵
                                                                                                                                          PID:1132
                                                                                                                                        • C:\Program Files (x86)\Common Files\microsoft shared\backup.exe
                                                                                                                                          "C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\
                                                                                                                                          6⤵
                                                                                                                                            PID:2044
                                                                                                                                          • C:\Program Files (x86)\Common Files\Services\update.exe
                                                                                                                                            "C:\Program Files (x86)\Common Files\Services\update.exe" C:\Program Files (x86)\Common Files\Services\
                                                                                                                                            6⤵
                                                                                                                                              PID:752
                                                                                                                                            • C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe
                                                                                                                                              "C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\
                                                                                                                                              6⤵
                                                                                                                                                PID:304
                                                                                                                                                • C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe
                                                                                                                                                  "C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\
                                                                                                                                                  7⤵
                                                                                                                                                    PID:1500
                                                                                                                                                • C:\Program Files (x86)\Common Files\System\update.exe
                                                                                                                                                  "C:\Program Files (x86)\Common Files\System\update.exe" C:\Program Files (x86)\Common Files\System\
                                                                                                                                                  6⤵
                                                                                                                                                    PID:1572
                                                                                                                                                • C:\Program Files (x86)\Google\update.exe
                                                                                                                                                  "C:\Program Files (x86)\Google\update.exe" C:\Program Files (x86)\Google\
                                                                                                                                                  5⤵
                                                                                                                                                    PID:1748
                                                                                                                                                    • C:\Program Files (x86)\Google\CrashReports\backup.exe
                                                                                                                                                      "C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\
                                                                                                                                                      6⤵
                                                                                                                                                        PID:572
                                                                                                                                                      • C:\Program Files (x86)\Google\Policies\backup.exe
                                                                                                                                                        "C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\
                                                                                                                                                        6⤵
                                                                                                                                                          PID:1632
                                                                                                                                                        • C:\Program Files (x86)\Google\Temp\backup.exe
                                                                                                                                                          "C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\
                                                                                                                                                          6⤵
                                                                                                                                                            PID:868
                                                                                                                                                          • C:\Program Files (x86)\Google\Update\backup.exe
                                                                                                                                                            "C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\
                                                                                                                                                            6⤵
                                                                                                                                                              PID:1620
                                                                                                                                                          • C:\Program Files (x86)\Internet Explorer\backup.exe
                                                                                                                                                            "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
                                                                                                                                                            5⤵
                                                                                                                                                              PID:1716
                                                                                                                                                            • C:\Program Files (x86)\Microsoft Analysis Services\System Restore.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft Analysis Services\System Restore.exe" C:\Program Files (x86)\Microsoft Analysis Services\
                                                                                                                                                              5⤵
                                                                                                                                                                PID:1208
                                                                                                                                                                • C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\
                                                                                                                                                                  6⤵
                                                                                                                                                                    PID:1536
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\
                                                                                                                                                                      7⤵
                                                                                                                                                                        PID:1552
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft Office\System Restore.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft Office\System Restore.exe" C:\Program Files (x86)\Microsoft Office\
                                                                                                                                                                    5⤵
                                                                                                                                                                      PID:288
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\
                                                                                                                                                                      5⤵
                                                                                                                                                                        PID:2000
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft Sync Framework\backup.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\
                                                                                                                                                                        5⤵
                                                                                                                                                                          PID:1720
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\
                                                                                                                                                                          5⤵
                                                                                                                                                                            PID:272
                                                                                                                                                                        • C:\Users\backup.exe
                                                                                                                                                                          C:\Users\backup.exe C:\Users\
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:1548
                                                                                                                                                                            • C:\Users\Admin\backup.exe
                                                                                                                                                                              C:\Users\Admin\backup.exe C:\Users\Admin\
                                                                                                                                                                              5⤵
                                                                                                                                                                              • Disables RegEdit via registry modification
                                                                                                                                                                              PID:1772
                                                                                                                                                                              • C:\Users\Admin\Contacts\backup.exe
                                                                                                                                                                                C:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\
                                                                                                                                                                                6⤵
                                                                                                                                                                                • Modifies visibility of file extensions in Explorer
                                                                                                                                                                                PID:1732
                                                                                                                                                                              • C:\Users\Admin\Desktop\backup.exe
                                                                                                                                                                                C:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\
                                                                                                                                                                                6⤵
                                                                                                                                                                                • Disables RegEdit via registry modification
                                                                                                                                                                                • System policy modification
                                                                                                                                                                                PID:1388
                                                                                                                                                                              • C:\Users\Admin\Documents\backup.exe
                                                                                                                                                                                C:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\
                                                                                                                                                                                6⤵
                                                                                                                                                                                  PID:364
                                                                                                                                                                                • C:\Users\Admin\Downloads\backup.exe
                                                                                                                                                                                  C:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\
                                                                                                                                                                                  6⤵
                                                                                                                                                                                    PID:868
                                                                                                                                                                                  • C:\Users\Admin\Favorites\backup.exe
                                                                                                                                                                                    C:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\
                                                                                                                                                                                    6⤵
                                                                                                                                                                                      PID:1076
                                                                                                                                                                                    • C:\Users\Admin\Links\System Restore.exe
                                                                                                                                                                                      "C:\Users\Admin\Links\System Restore.exe" C:\Users\Admin\Links\
                                                                                                                                                                                      6⤵
                                                                                                                                                                                        PID:1440
                                                                                                                                                                                      • C:\Users\Admin\Music\backup.exe
                                                                                                                                                                                        C:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\
                                                                                                                                                                                        6⤵
                                                                                                                                                                                          PID:1220
                                                                                                                                                                                        • C:\Users\Admin\Pictures\backup.exe
                                                                                                                                                                                          C:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\
                                                                                                                                                                                          6⤵
                                                                                                                                                                                            PID:972
                                                                                                                                                                                          • C:\Users\Admin\Saved Games\System Restore.exe
                                                                                                                                                                                            "C:\Users\Admin\Saved Games\System Restore.exe" C:\Users\Admin\Saved Games\
                                                                                                                                                                                            6⤵
                                                                                                                                                                                              PID:1220
                                                                                                                                                                                          • C:\Users\Public\backup.exe
                                                                                                                                                                                            C:\Users\Public\backup.exe C:\Users\Public\
                                                                                                                                                                                            5⤵
                                                                                                                                                                                              PID:1020
                                                                                                                                                                                          • C:\Windows\data.exe
                                                                                                                                                                                            C:\Windows\data.exe C:\Windows\
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:484
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Modifies visibility of file extensions in Explorer
                                                                                                                                                                                          • Disables RegEdit via registry modification
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          PID:1544
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Low\data.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\Low\data.exe C:\Users\Admin\AppData\Local\Temp\Low\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          PID:1516
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Disables RegEdit via registry modification
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          • System policy modification
                                                                                                                                                                                          PID:1336
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Modifies visibility of file extensions in Explorer
                                                                                                                                                                                          • Disables RegEdit via registry modification
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          PID:904
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Disables RegEdit via registry modification
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          • System policy modification
                                                                                                                                                                                          PID:1180
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
                                                                                                                                                                                          2⤵
                                                                                                                                                                                          • Modifies visibility of file extensions in Explorer
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          PID:1716

                                                                                                                                                                                      Network

                                                                                                                                                                                      MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                                                      Initial Access

                                                                                                                                                                                      Execution

                                                                                                                                                                                      Persistence

                                                                                                                                                                                      Hidden Files and Directories

                                                                                                                                                                                      1
                                                                                                                                                                                      T1158

                                                                                                                                                                                      Privilege Escalation

                                                                                                                                                                                      Defense Evasion

                                                                                                                                                                                      Hidden Files and Directories

                                                                                                                                                                                      1
                                                                                                                                                                                      T1158

                                                                                                                                                                                      Modify Registry

                                                                                                                                                                                      2
                                                                                                                                                                                      T1112

                                                                                                                                                                                      Credential Access

                                                                                                                                                                                      Discovery

                                                                                                                                                                                      System Information Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1082

                                                                                                                                                                                      Lateral Movement

                                                                                                                                                                                      Collection

                                                                                                                                                                                      Exfiltration

                                                                                                                                                                                      Command and Control

                                                                                                                                                                                      Impact

                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                      Downloads

                                                                                                                                                                                      • C:\PerfLogs\Admin\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\PerfLogs\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\PerfLogs\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\7-Zip\Lang\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8398b5417a87e594993c43c3bb553c67

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        259e8a8c5d865d049177a6fd4f80fa3ae6ff3896

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        72c987ed3378287b170617c63f6b09dabfbdfbe7bce61945afe51a481f519dc8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        49c3e8eef3f03d1859f34b368ed5e7d8fbf114ee8fcf2566ec97f7ff81ee16932bbb4a97a2c131a1fc4d7a17fdb2ce6b0929731db93587c13ba378ccebda5f69

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\7-Zip\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\7-Zip\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        097a282e51a021c3b082e933525cf0af

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c24b99c82fd6e168c5783fe50e57da097ce1417c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ba366d9524a38f3824ee5666f9543386f110d36eab572c221e7593267808aa76

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4b9c036236982ef9e96485e5763d9137a22c39203a8ce720d66871a3362bf342026bc9de981875bba2db5bfe85e153d5e03f445692d19d5a24664f5680c188d7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\Common Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        097a282e51a021c3b082e933525cf0af

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c24b99c82fd6e168c5783fe50e57da097ce1417c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ba366d9524a38f3824ee5666f9543386f110d36eab572c221e7593267808aa76

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4b9c036236982ef9e96485e5763d9137a22c39203a8ce720d66871a3362bf342026bc9de981875bba2db5bfe85e153d5e03f445692d19d5a24664f5680c188d7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Program Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3212388578\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3212388578\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Low\data.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2c9f9974c87453e8a6a90dae0c6491fe

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ecab2b304f81037e2f59df259920020adc32a2e4

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        944083cee25fa1fec0e90d4a779309f77044aa85e44ecca210b0781f27ffbe6a

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        dc98b89803da9899c04f549bfb9df604c89e5e92681cbeed49beb9955116f61ee626aae16eff309cc39b1fd136ff35a6fa9401755bda30d1afbe0ad065181a01

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • C:\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2c9f9974c87453e8a6a90dae0c6491fe

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ecab2b304f81037e2f59df259920020adc32a2e4

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        944083cee25fa1fec0e90d4a779309f77044aa85e44ecca210b0781f27ffbe6a

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        dc98b89803da9899c04f549bfb9df604c89e5e92681cbeed49beb9955116f61ee626aae16eff309cc39b1fd136ff35a6fa9401755bda30d1afbe0ad065181a01

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \PerfLogs\Admin\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \PerfLogs\Admin\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \PerfLogs\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \PerfLogs\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\7-Zip\Lang\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8398b5417a87e594993c43c3bb553c67

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        259e8a8c5d865d049177a6fd4f80fa3ae6ff3896

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        72c987ed3378287b170617c63f6b09dabfbdfbe7bce61945afe51a481f519dc8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        49c3e8eef3f03d1859f34b368ed5e7d8fbf114ee8fcf2566ec97f7ff81ee16932bbb4a97a2c131a1fc4d7a17fdb2ce6b0929731db93587c13ba378ccebda5f69

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\7-Zip\Lang\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8398b5417a87e594993c43c3bb553c67

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        259e8a8c5d865d049177a6fd4f80fa3ae6ff3896

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        72c987ed3378287b170617c63f6b09dabfbdfbe7bce61945afe51a481f519dc8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        49c3e8eef3f03d1859f34b368ed5e7d8fbf114ee8fcf2566ec97f7ff81ee16932bbb4a97a2c131a1fc4d7a17fdb2ce6b0929731db93587c13ba378ccebda5f69

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\7-Zip\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\7-Zip\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        df4cd08c43d1e27c678b9b7ae60b778d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f140fcc985f6bbfe71e7837f443a6584bae319f6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cd176cdc697a7ac8f01343410a5ea6b6e7d5a7379270672806c3a177149481c7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        202014188d53bc65b08e2ad5a0a7b4b0407ef2e7d0897e43a1874f11e3b9a1093d7e13fa2dda382d63e3a2ed96e5f0c8cc6bb7fefc82b7c6fdd409a4621591b2

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        07331e141dc68f7480904e75cada49bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c71fcb71fb8db6336de1ed57705f9684aec9f007

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ea457d39184d77273c26376859bd046b5684835bb60afc1d3e53a10dec3c5781

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a225c1ea8d310dbda0e0132bd98da7007a7ab372668ddcc6f98a9fb91ff299bf6e699f01196c2694a43ff18daba803d1850e0f703156b10f74b1012f8b33085b

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\Microsoft Shared\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        11b6a5d7bfcbe55a58be25140f1fc22d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2cb0f46669c76964bbf43b7121f01e9d7678f203

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        30afb97d13838891ac89ec410651d0ba92b9f76809b308a8fb5a4bb23acdeb51

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        da651e1d2b6f691a456c2fe2c560f92ab10bf1cb93aca5d703156ed504993bc148848fbcc81e1438383c6bba2b88e82344aeecacc72bcdfb49805ee62dc1cfb7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        097a282e51a021c3b082e933525cf0af

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c24b99c82fd6e168c5783fe50e57da097ce1417c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ba366d9524a38f3824ee5666f9543386f110d36eab572c221e7593267808aa76

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4b9c036236982ef9e96485e5763d9137a22c39203a8ce720d66871a3362bf342026bc9de981875bba2db5bfe85e153d5e03f445692d19d5a24664f5680c188d7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\Common Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        097a282e51a021c3b082e933525cf0af

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c24b99c82fd6e168c5783fe50e57da097ce1417c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ba366d9524a38f3824ee5666f9543386f110d36eab572c221e7593267808aa76

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4b9c036236982ef9e96485e5763d9137a22c39203a8ce720d66871a3362bf342026bc9de981875bba2db5bfe85e153d5e03f445692d19d5a24664f5680c188d7

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Program Files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e2090c9651b625e865c74cdc85680e1a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6cdf0dd185f51f4dacde09ec6b065fadd65ccf4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        203d261ecd36bed01ee88578b9f89b531458e11937185d77d205b6fdeca5e830

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        96f0106b6116dfc24673d9d0099218a8abe98093b247bafdb0c52eb8ba73002fb5e693e0d640d85973fd08944ec8ffc35faf13a16066a1927e603719c8f3bc9a

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\3212388578\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\3212388578\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Low\data.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Low\data.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a1f69d886eb3ddc62dc4d138dfb024d3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b4871fa86692480b7dfe4a3fbcca098de701de91

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3901939f8ded545b5c0ccb60881e8246e13c16ea59972f2b9f214db4c1e7eae8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        040efa7954e03c6f4c86c12b7051efe9c022b3dd8570f310f781700186bf11325073d91b2c457ca98ca6c2e390915a8bb4824c0f33a0e2847bc68bae51f4e26d

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf2b75f741c189a07f4263b430ae4cb3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a818680737fb33b9b2eb9e715dfbabfd9e72e6a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        08ba9f852d639bad4341e31cb0eb0600c0eca97471b254c6eef78cf93cf829ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        23f6f228bcdb09c9ecdb51ed8a9e4a1bbb4543102b67e700daa8ae27a1751f16aa63b4857e795f4ceb126f7f37350bb5507580f830ac4526f96251b68f0ddc2c

                                                                                                                                                                                        Download Submit
                                                                                                                                                                                      • memory/268-237-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/272-209-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/484-329-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/576-317-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/632-342-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/640-309-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/676-131-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/676-325-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/696-136-0x0000000074631000-0x0000000074633000-memory.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8KB

                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/700-185-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/752-321-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/896-193-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/904-88-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/908-261-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/924-86-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/940-151-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/948-281-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/968-354-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/972-181-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/992-333-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1016-334-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1116-145-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1132-213-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1172-273-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1176-241-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1180-101-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1216-301-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1288-245-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1336-80-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1340-313-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1364-197-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1376-305-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1376-114-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1384-346-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1384-257-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1396-173-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1424-350-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1496-277-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1516-74-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1544-66-0x00000000764D1000-0x00000000764D3000-memory.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8KB

                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1544-63-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1552-338-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1616-189-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1620-201-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1632-289-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1652-358-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1660-297-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1688-293-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1716-217-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1716-112-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1720-205-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1724-269-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1736-98-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1740-265-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1748-177-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1752-225-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1756-253-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1792-229-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1820-233-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1888-58-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1900-285-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1904-124-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1932-139-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1968-162-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1980-249-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download
                                                                                                                                                                                      • memory/1996-221-0x0000000000000000-mapping.dmp
                                                                                                                                                                                        Download