Analysis
-
max time kernel
34s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 17:17
General
-
Target
1e4eaaf66040a28759780cd4390d685affc5e667b57629c7f5b0586b373ba9d9.exe
-
Size
72KB
-
MD5
051a5f15f69aa428389cfb2f2c60ba65
-
SHA1
27ba3430ebfc28bd8701ded32c4bd0f6cf203088
-
SHA256
1e4eaaf66040a28759780cd4390d685affc5e667b57629c7f5b0586b373ba9d9
-
SHA512
25283b56374e32cd512929f386d79bc0c621aadad8cb53dee64c26ccca1c2e8402dbea5c922f7bc5b4cc0f2a3860c186939f35a527f43ac68b629ec0c68a2123
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2a:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrG
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e4eaaf66040a28759780cd4390d685affc5e667b57629c7f5b0586b373ba9d9.exe"C:\Users\Admin\AppData\Local\Temp\1e4eaaf66040a28759780cd4390d685affc5e667b57629c7f5b0586b373ba9d9.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\393482149\backup.exeC:\Users\Admin\AppData\Local\Temp\393482149\backup.exe C:\Users\Admin\AppData\Local\Temp\393482149\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\System Restore.exe"C:\PerfLogs\System Restore.exe" C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\System Restore.exe"C:\Program Files\Common Files\System\System Restore.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\System\msadc\de-DE\data.exe"C:\Program Files\Common Files\System\msadc\de-DE\data.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\msadc\fr-FR\data.exe"C:\Program Files\Common Files\System\msadc\fr-FR\data.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
C:\Program Files\DVD Maker\en-US\System Restore.exe"C:\Program Files\DVD Maker\en-US\System Restore.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\DESIGNER\update.exe"C:\Program Files (x86)\Common Files\DESIGNER\update.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
C:\Program Files (x86)\Common Files\Services\data.exe"C:\Program Files (x86)\Common Files\Services\data.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\System\data.exe"C:\Program Files (x86)\Common Files\System\data.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
C:\Users\data.exeC:\Users\data.exe C:\Users\4⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\data.exeC:\Users\Admin\data.exe C:\Users\Admin\5⤵
- Drops file in Program Files directory
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
C:\Users\Admin\Documents\update.exeC:\Users\Admin\Documents\update.exe C:\Users\Admin\Documents\6⤵
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\update.exeC:\Users\Admin\Links\update.exe C:\Users\Admin\Links\6⤵
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Saved Games\System Restore.exe"C:\Users\Admin\Saved Games\System Restore.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\Admin\backup.exeFilesize
72KB
MD5ce6683d78b3017e2fd5b04d6ec60e126
SHA117e49c7902f576d18d26c305dabdbb49a2cc8df6
SHA2564829232594c2cba7277a157395b97103747f66b17c82ca973013b0294ade2cc6
SHA512b2caa1714debe6738dcaf513ea4b4cf6a134feaf19da70610f01fdc2af61037cd56258768db837b95b12ce60a8884cbea0aece4647e707c150c3de2c851982e3
-
C:\PerfLogs\System Restore.exeFilesize
72KB
MD5eb9da3dd85d6440e26591a9db47858e7
SHA163c48af454b3822268a66a0fa8dd79709b9f4f56
SHA25659155bd3e12d6b6a74fcbfa29afcaa56a526550041a377aa549e35282d25c7dd
SHA5128eee222bb01928c828616bbb9db6ac8af7faf5583eba86b7b24b8f4e7ab148588a3b888df3d051500a513282dfca9ff5aa15c1486053cf098dc31cc9e5dbd513
-
C:\PerfLogs\System Restore.exeFilesize
72KB
MD5eb9da3dd85d6440e26591a9db47858e7
SHA163c48af454b3822268a66a0fa8dd79709b9f4f56
SHA25659155bd3e12d6b6a74fcbfa29afcaa56a526550041a377aa549e35282d25c7dd
SHA5128eee222bb01928c828616bbb9db6ac8af7faf5583eba86b7b24b8f4e7ab148588a3b888df3d051500a513282dfca9ff5aa15c1486053cf098dc31cc9e5dbd513
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
C:\Program Files\backup.exeFilesize
72KB
MD5d1c51f18f87d07d4a7bbc44a4bbaf0d9
SHA1bc7b3433f0a7b9607d40c0f3fc61ca105b9280cd
SHA256e1f8c41d2f91205839ce33a0e35e5255df3f578bb4090601ee38f9da238d1e8e
SHA51253ec3ece0c1ea0c87e1b9618d3e41ff111e2747eef949ba13aeb1f552332cd30766f77bd38e56086927999507ce2a740b1721bdb817e32a234a948c03731c594
-
C:\Program Files\backup.exeFilesize
72KB
MD5d1c51f18f87d07d4a7bbc44a4bbaf0d9
SHA1bc7b3433f0a7b9607d40c0f3fc61ca105b9280cd
SHA256e1f8c41d2f91205839ce33a0e35e5255df3f578bb4090601ee38f9da238d1e8e
SHA51253ec3ece0c1ea0c87e1b9618d3e41ff111e2747eef949ba13aeb1f552332cd30766f77bd38e56086927999507ce2a740b1721bdb817e32a234a948c03731c594
-
C:\Users\Admin\AppData\Local\Temp\393482149\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
C:\Users\Admin\AppData\Local\Temp\393482149\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
C:\backup.exeFilesize
72KB
MD59802e3ce93297f375ae9bb21a988ae58
SHA1bf593f7adcdc6eaec3697bb19e2f07916067f019
SHA256e772fcac87f5ffa7af4057762bfc5b66c0757ac0b74337030109b85d15ed0973
SHA512b661b4b61b813a71f270f0b10bcbfedfad4336b610488b2637db3fd72fcf6bf23d9d53f57b29ba5e5647c0d9a99e5c4b04ed9b928db860a0fc4a2163fd67380f
-
C:\backup.exeFilesize
72KB
MD59802e3ce93297f375ae9bb21a988ae58
SHA1bf593f7adcdc6eaec3697bb19e2f07916067f019
SHA256e772fcac87f5ffa7af4057762bfc5b66c0757ac0b74337030109b85d15ed0973
SHA512b661b4b61b813a71f270f0b10bcbfedfad4336b610488b2637db3fd72fcf6bf23d9d53f57b29ba5e5647c0d9a99e5c4b04ed9b928db860a0fc4a2163fd67380f
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5ce6683d78b3017e2fd5b04d6ec60e126
SHA117e49c7902f576d18d26c305dabdbb49a2cc8df6
SHA2564829232594c2cba7277a157395b97103747f66b17c82ca973013b0294ade2cc6
SHA512b2caa1714debe6738dcaf513ea4b4cf6a134feaf19da70610f01fdc2af61037cd56258768db837b95b12ce60a8884cbea0aece4647e707c150c3de2c851982e3
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5ce6683d78b3017e2fd5b04d6ec60e126
SHA117e49c7902f576d18d26c305dabdbb49a2cc8df6
SHA2564829232594c2cba7277a157395b97103747f66b17c82ca973013b0294ade2cc6
SHA512b2caa1714debe6738dcaf513ea4b4cf6a134feaf19da70610f01fdc2af61037cd56258768db837b95b12ce60a8884cbea0aece4647e707c150c3de2c851982e3
-
\PerfLogs\System Restore.exeFilesize
72KB
MD5eb9da3dd85d6440e26591a9db47858e7
SHA163c48af454b3822268a66a0fa8dd79709b9f4f56
SHA25659155bd3e12d6b6a74fcbfa29afcaa56a526550041a377aa549e35282d25c7dd
SHA5128eee222bb01928c828616bbb9db6ac8af7faf5583eba86b7b24b8f4e7ab148588a3b888df3d051500a513282dfca9ff5aa15c1486053cf098dc31cc9e5dbd513
-
\PerfLogs\System Restore.exeFilesize
72KB
MD5eb9da3dd85d6440e26591a9db47858e7
SHA163c48af454b3822268a66a0fa8dd79709b9f4f56
SHA25659155bd3e12d6b6a74fcbfa29afcaa56a526550041a377aa549e35282d25c7dd
SHA5128eee222bb01928c828616bbb9db6ac8af7faf5583eba86b7b24b8f4e7ab148588a3b888df3d051500a513282dfca9ff5aa15c1486053cf098dc31cc9e5dbd513
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5b84edd63f292960c6db92bcbb84f8ca3
SHA1d8596aa9fb00f39081e1e11aa1e43bd8c236a43a
SHA2562458ada4e7c7f52583646e59969a5c2b8278fca7260b51e42646780b9692192f
SHA5128c67f3839c3f00636c7612acb31b0d17f76827e550cde325834184dad079fd1a06036aa183f6c228ad6af167a375a74d29dec6eb808f93db19368951f4490047
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58e90d9ec7304f9c3bc36249dc5ce1f61
SHA1232f0068c63e08abb3bfa99275b79c9db7e8756e
SHA256e0f208b2a1cfd6dd3e78c81873acc9571399e9628d8dc07eac1b6b8aa3c0851a
SHA512817247ab39e180478c1bdb58b454ed0d728bd2e31bf975060a1ab5fb6eaa656f522c5ac1164572ae3e50594f50af26c6842d515d1e91b30123b0f30045cd5983
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exeFilesize
72KB
MD525ab22aa98dcc0c4c997fa61788a9a77
SHA16cfb5d381b3d6d5c51e610682eec027e1eb55638
SHA2563009aeca6f58e69de2eb3595f696b91081a90be9ff77de6c8ffec0e1c911327c
SHA512cc2ca8b1ae82566e48b079233e89731315ceac1f89b2db96be253a6beb0d170d44f98aa40ff2f36af513ea0b80079cc4d7d8a195bf81e9b148aa9d26be4c51b9
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5bb67aaca8a6e5d63f858eabcc2aa6d83
SHA1647460e00f3a32a5f5c317cbe8c43294e75a73e7
SHA25649b8c6e31270a221db0336240cc1e0f69f2f1caf5d9b3517a0eec73536735873
SHA512fce8c5e6512a8573824fa8ec108a1cab460028883589d6a7961359212f355866a7311d14880e233912d25b82ce51ccce5bb4f1f4df1031db950d3e2d63b09464
-
\Program Files\backup.exeFilesize
72KB
MD5d1c51f18f87d07d4a7bbc44a4bbaf0d9
SHA1bc7b3433f0a7b9607d40c0f3fc61ca105b9280cd
SHA256e1f8c41d2f91205839ce33a0e35e5255df3f578bb4090601ee38f9da238d1e8e
SHA51253ec3ece0c1ea0c87e1b9618d3e41ff111e2747eef949ba13aeb1f552332cd30766f77bd38e56086927999507ce2a740b1721bdb817e32a234a948c03731c594
-
\Program Files\backup.exeFilesize
72KB
MD5d1c51f18f87d07d4a7bbc44a4bbaf0d9
SHA1bc7b3433f0a7b9607d40c0f3fc61ca105b9280cd
SHA256e1f8c41d2f91205839ce33a0e35e5255df3f578bb4090601ee38f9da238d1e8e
SHA51253ec3ece0c1ea0c87e1b9618d3e41ff111e2747eef949ba13aeb1f552332cd30766f77bd38e56086927999507ce2a740b1721bdb817e32a234a948c03731c594
-
\Users\Admin\AppData\Local\Temp\393482149\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
\Users\Admin\AppData\Local\Temp\393482149\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD5b6be0108a7b45669487250532cc84a3f
SHA182a48b8fa4d04b58fb6741b22108762bff551613
SHA2568eab4d55506bb78776cc88ca96bf2f5d5dccc14dc230411b68727688489224d8
SHA512c392abbc0f55d194aa05dadc93161866271d8502d4fe1734cb1b1eff350946ec92d25a95adb98ccfea38e514ae9bef7a2b0e8ea5aa2f1823575488eabe8ce884
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5efc2225d2e2ca560fa7921b1ea1d87fe
SHA1874595a04fa9fcf30ab06656097dfe8640d3a6d7
SHA2567c0e9bc51b7b000f96f54f66b4787e654f4807dc5251abd119438b44d57c4480
SHA512cdce2746ddf52d7bbdfc9e199b1084a70dd37cb8fd9d774fa61593d2a0deaa5c5dbe03ee480df94d64a5c9e8444460788d5aa8ae69acec2151ba18db1c74e616
-
memory/268-82-0x0000000000000000-mapping.dmp
-
memory/268-270-0x0000000000000000-mapping.dmp
-
memory/428-188-0x0000000000000000-mapping.dmp
-
memory/432-128-0x0000000000000000-mapping.dmp
-
memory/572-88-0x0000000000000000-mapping.dmp
-
memory/652-195-0x0000000000000000-mapping.dmp
-
memory/676-267-0x0000000000000000-mapping.dmp
-
memory/768-280-0x0000000000000000-mapping.dmp
-
memory/768-94-0x0000000000000000-mapping.dmp
-
memory/808-236-0x0000000000000000-mapping.dmp
-
memory/812-313-0x0000000000000000-mapping.dmp
-
memory/896-222-0x0000000000000000-mapping.dmp
-
memory/960-239-0x0000000000000000-mapping.dmp
-
memory/968-210-0x0000000000000000-mapping.dmp
-
memory/972-121-0x0000000000000000-mapping.dmp
-
memory/988-135-0x0000000000000000-mapping.dmp
-
memory/1044-276-0x0000000000000000-mapping.dmp
-
memory/1080-70-0x0000000000000000-mapping.dmp
-
memory/1088-225-0x0000000000000000-mapping.dmp
-
memory/1112-245-0x0000000000000000-mapping.dmp
-
memory/1116-155-0x0000000000000000-mapping.dmp
-
memory/1120-255-0x0000000000000000-mapping.dmp
-
memory/1224-192-0x0000000000000000-mapping.dmp
-
memory/1228-229-0x0000000000000000-mapping.dmp
-
memory/1252-168-0x0000000000000000-mapping.dmp
-
memory/1312-204-0x0000000000000000-mapping.dmp
-
memory/1312-289-0x0000000000000000-mapping.dmp
-
memory/1332-298-0x0000000000000000-mapping.dmp
-
memory/1332-115-0x0000000000000000-mapping.dmp
-
memory/1340-273-0x0000000000000000-mapping.dmp
-
memory/1408-76-0x0000000000000000-mapping.dmp
-
memory/1448-292-0x0000000000000000-mapping.dmp
-
memory/1460-314-0x0000000000000000-mapping.dmp
-
memory/1496-307-0x0000000000000000-mapping.dmp
-
memory/1500-242-0x0000000000000000-mapping.dmp
-
memory/1560-207-0x0000000000000000-mapping.dmp
-
memory/1600-198-0x0000000000000000-mapping.dmp
-
memory/1600-283-0x0000000000000000-mapping.dmp
-
memory/1652-233-0x0000000000000000-mapping.dmp
-
memory/1684-185-0x0000000000000000-mapping.dmp
-
memory/1696-213-0x0000000000000000-mapping.dmp
-
memory/1712-58-0x0000000000000000-mapping.dmp
-
memory/1724-310-0x0000000000000000-mapping.dmp
-
memory/1728-141-0x0000000000000000-mapping.dmp
-
memory/1756-108-0x0000000000000000-mapping.dmp
-
memory/1764-148-0x0000000000000000-mapping.dmp
-
memory/1768-249-0x0000000000000000-mapping.dmp
-
memory/1788-182-0x0000000000000000-mapping.dmp
-
memory/1820-219-0x0000000000000000-mapping.dmp
-
memory/1828-101-0x0000000000000000-mapping.dmp
-
memory/1832-201-0x0000000000000000-mapping.dmp
-
memory/1832-286-0x0000000000000000-mapping.dmp
-
memory/1892-252-0x0000000000000000-mapping.dmp
-
memory/1900-161-0x0000000000000000-mapping.dmp
-
memory/1904-216-0x0000000000000000-mapping.dmp
-
memory/1908-64-0x0000000000000000-mapping.dmp
-
memory/1968-295-0x0000000000000000-mapping.dmp
-
memory/1972-100-0x00000000741A1000-0x00000000741A3000-memory.dmpFilesize
8KB
-
memory/1972-98-0x0000000075981000-0x0000000075983000-memory.dmpFilesize
8KB
-
memory/1988-301-0x0000000000000000-mapping.dmp
-
memory/1996-264-0x0000000000000000-mapping.dmp
-
memory/2012-179-0x0000000000000000-mapping.dmp
-
memory/2028-304-0x0000000000000000-mapping.dmp
-
memory/2036-174-0x0000000000000000-mapping.dmp
-
memory/2036-261-0x0000000000000000-mapping.dmp
-
memory/2040-258-0x0000000000000000-mapping.dmp