Analysis
-
max time kernel
124s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 18:50
General
-
Target
d0d7ef84ff853216e89cf9525640512ba94ca0eddfe44e339409a67f8dff0f11.exe
-
Size
72KB
-
MD5
42acc23e45ff51ad82f599f71fbacc9c
-
SHA1
7836e502b1ceda30ce965bbc7b1313342cdcb193
-
SHA256
d0d7ef84ff853216e89cf9525640512ba94ca0eddfe44e339409a67f8dff0f11
-
SHA512
2864121a99aed5a494e36494cb14f8cb1c23037581d29cf4e9cc8e2b1d86588193cfce4c94993e7d0370cf8b4514ee6155f7895b86d0fc0b40e971fba6676128
-
SSDEEP
768:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr3nX:ieTce/U/hKYuKXX
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0d7ef84ff853216e89cf9525640512ba94ca0eddfe44e339409a67f8dff0f11.exe"C:\Users\Admin\AppData\Local\Temp\d0d7ef84ff853216e89cf9525640512ba94ca0eddfe44e339409a67f8dff0f11.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\848848657\backup.exeC:\Users\Admin\AppData\Local\Temp\848848657\backup.exe C:\Users\Admin\AppData\Local\Temp\848848657\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\data.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\data.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Services\update.exe"C:\Program Files\Common Files\Services\update.exe" C:\Program Files\Common Files\Services\6⤵
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe"C:\Program Files\Common Files\System\ado\de-DE\System Restore.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
C:\Program Files\Common Files\System\ado\fr-FR\update.exe"C:\Program Files\Common Files\System\ado\fr-FR\update.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- System policy modification
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\System Restore.exe"C:\Program Files\Google\Chrome\System Restore.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\update.exe"C:\Program Files\Google\Chrome\Application\update.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\de-DE\System Restore.exe"C:\Program Files\Internet Explorer\de-DE\System Restore.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
C:\Program Files\Internet Explorer\es-ES\update.exe"C:\Program Files\Internet Explorer\es-ES\update.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
C:\Program Files\Java\System Restore.exe"C:\Program Files\Java\System Restore.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\DESIGNER\update.exe"C:\Program Files (x86)\Common Files\DESIGNER\update.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\System Restore.exe"C:\Program Files (x86)\Google\CrashReports\System Restore.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f542aa90a3106da5e369ea7f99a9addc
SHA123da13ab75fe117c2e94d0a090655bbba47e4f4d
SHA256cc188a130b57b1f535616df96d5f97592c31911e85a1ab06228b054a220b1b58
SHA512951bfebc7d04a94ee26999187cc4ca3259199301d09e3c96ea68f2fe88bc312cc5911ac9f927444dbc77a259e3993e7bee5791f2026bac12683ccf9471ff6e58
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5640515446c633fb28391f1a590948edd
SHA1c19f7bc857bdab8d150d89fddff890551f8a553e
SHA2569fede6c61b0612d1750393a1e8e398dce89da9bce9d291a5a993cbd9162307b7
SHA512d5687e61c72bf71321df73b83749852ffd7e4352041489cb738a0f2082e7313c909973dae362d91434babd0c01ab9ba932ffb9adae05c083fbc8101f24cebc23
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5640515446c633fb28391f1a590948edd
SHA1c19f7bc857bdab8d150d89fddff890551f8a553e
SHA2569fede6c61b0612d1750393a1e8e398dce89da9bce9d291a5a993cbd9162307b7
SHA512d5687e61c72bf71321df73b83749852ffd7e4352041489cb738a0f2082e7313c909973dae362d91434babd0c01ab9ba932ffb9adae05c083fbc8101f24cebc23
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD56b55fa07e1ca1bd8f7b36c7e35ad44e5
SHA1a5f7254162e01965611a4e1d3a57bffac3568b0e
SHA256e6a8c3aaff1244e46036c9f771ab5fdc6ead9847b310fa1c37fd5b21554f359f
SHA5125ed8eebf625eed3873acbcbfae7d47f7cb936926c8041880c4f3262f94317771a37431bcc46a7975910c01a9125cc16fb69d0308a2779c35c61b85ab533a7ff0
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5993234e824154d7ff3d8b43a0a3221fd
SHA12a56710e53be3f586ee0ffcbcfe90ea71470783c
SHA2563a0ec440e6b7bc7dde53495c68d40b0ba4c9278634e40d4af96acd872a0df5ce
SHA512a6eb376eba783cb0c911413ab92cee3299ed1821bfa896fd51498d8168962eb89789a6ef1609d56f1705e6bfce64212b4ffb7017e6d13fe3dbe08cafeddfd149
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5993234e824154d7ff3d8b43a0a3221fd
SHA12a56710e53be3f586ee0ffcbcfe90ea71470783c
SHA2563a0ec440e6b7bc7dde53495c68d40b0ba4c9278634e40d4af96acd872a0df5ce
SHA512a6eb376eba783cb0c911413ab92cee3299ed1821bfa896fd51498d8168962eb89789a6ef1609d56f1705e6bfce64212b4ffb7017e6d13fe3dbe08cafeddfd149
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
C:\Program Files\backup.exeFilesize
72KB
MD53c584e04015b55e0056e91bc0441c97b
SHA113527fa8733da0778a8ffff05365ab190564ae11
SHA2560850abe9060956159bf887abd6d944287a194fe110077ce707c7dd5dc0037a08
SHA51259afee4bde375421e4ba9b5f2a57133371774e5cf2e13290e8de5f88596c0a3e65a6e9f0495e76ffa8fe3dc6760f37b237ba2879849c51fb82d706be4d2c26b9
-
C:\Program Files\backup.exeFilesize
72KB
MD53c584e04015b55e0056e91bc0441c97b
SHA113527fa8733da0778a8ffff05365ab190564ae11
SHA2560850abe9060956159bf887abd6d944287a194fe110077ce707c7dd5dc0037a08
SHA51259afee4bde375421e4ba9b5f2a57133371774e5cf2e13290e8de5f88596c0a3e65a6e9f0495e76ffa8fe3dc6760f37b237ba2879849c51fb82d706be4d2c26b9
-
C:\Users\Admin\AppData\Local\Temp\848848657\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
C:\Users\Admin\AppData\Local\Temp\848848657\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
C:\backup.exeFilesize
72KB
MD5299eaad71e5d33158ee4ee4d9b0c9328
SHA15159c1ce77eca1bf7235490ea31b5b55518b5dc0
SHA256736d4751b6135a06f052fbc9cd802cf34269da707f4d7823d7244d50476c6da6
SHA512154a85300d58c26621d5bd6b911bf711bb93e8a3554b952ffadc406b7d01c0031835a61380d58f8d2eeed65b48bd1399d3075fcd6c119620cad451bc9fbd43aa
-
C:\backup.exeFilesize
72KB
MD5299eaad71e5d33158ee4ee4d9b0c9328
SHA15159c1ce77eca1bf7235490ea31b5b55518b5dc0
SHA256736d4751b6135a06f052fbc9cd802cf34269da707f4d7823d7244d50476c6da6
SHA512154a85300d58c26621d5bd6b911bf711bb93e8a3554b952ffadc406b7d01c0031835a61380d58f8d2eeed65b48bd1399d3075fcd6c119620cad451bc9fbd43aa
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f542aa90a3106da5e369ea7f99a9addc
SHA123da13ab75fe117c2e94d0a090655bbba47e4f4d
SHA256cc188a130b57b1f535616df96d5f97592c31911e85a1ab06228b054a220b1b58
SHA512951bfebc7d04a94ee26999187cc4ca3259199301d09e3c96ea68f2fe88bc312cc5911ac9f927444dbc77a259e3993e7bee5791f2026bac12683ccf9471ff6e58
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f542aa90a3106da5e369ea7f99a9addc
SHA123da13ab75fe117c2e94d0a090655bbba47e4f4d
SHA256cc188a130b57b1f535616df96d5f97592c31911e85a1ab06228b054a220b1b58
SHA512951bfebc7d04a94ee26999187cc4ca3259199301d09e3c96ea68f2fe88bc312cc5911ac9f927444dbc77a259e3993e7bee5791f2026bac12683ccf9471ff6e58
-
\PerfLogs\backup.exeFilesize
72KB
MD5640515446c633fb28391f1a590948edd
SHA1c19f7bc857bdab8d150d89fddff890551f8a553e
SHA2569fede6c61b0612d1750393a1e8e398dce89da9bce9d291a5a993cbd9162307b7
SHA512d5687e61c72bf71321df73b83749852ffd7e4352041489cb738a0f2082e7313c909973dae362d91434babd0c01ab9ba932ffb9adae05c083fbc8101f24cebc23
-
\PerfLogs\backup.exeFilesize
72KB
MD5640515446c633fb28391f1a590948edd
SHA1c19f7bc857bdab8d150d89fddff890551f8a553e
SHA2569fede6c61b0612d1750393a1e8e398dce89da9bce9d291a5a993cbd9162307b7
SHA512d5687e61c72bf71321df73b83749852ffd7e4352041489cb738a0f2082e7313c909973dae362d91434babd0c01ab9ba932ffb9adae05c083fbc8101f24cebc23
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD56b55fa07e1ca1bd8f7b36c7e35ad44e5
SHA1a5f7254162e01965611a4e1d3a57bffac3568b0e
SHA256e6a8c3aaff1244e46036c9f771ab5fdc6ead9847b310fa1c37fd5b21554f359f
SHA5125ed8eebf625eed3873acbcbfae7d47f7cb936926c8041880c4f3262f94317771a37431bcc46a7975910c01a9125cc16fb69d0308a2779c35c61b85ab533a7ff0
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD56b55fa07e1ca1bd8f7b36c7e35ad44e5
SHA1a5f7254162e01965611a4e1d3a57bffac3568b0e
SHA256e6a8c3aaff1244e46036c9f771ab5fdc6ead9847b310fa1c37fd5b21554f359f
SHA5125ed8eebf625eed3873acbcbfae7d47f7cb936926c8041880c4f3262f94317771a37431bcc46a7975910c01a9125cc16fb69d0308a2779c35c61b85ab533a7ff0
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5993234e824154d7ff3d8b43a0a3221fd
SHA12a56710e53be3f586ee0ffcbcfe90ea71470783c
SHA2563a0ec440e6b7bc7dde53495c68d40b0ba4c9278634e40d4af96acd872a0df5ce
SHA512a6eb376eba783cb0c911413ab92cee3299ed1821bfa896fd51498d8168962eb89789a6ef1609d56f1705e6bfce64212b4ffb7017e6d13fe3dbe08cafeddfd149
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD5993234e824154d7ff3d8b43a0a3221fd
SHA12a56710e53be3f586ee0ffcbcfe90ea71470783c
SHA2563a0ec440e6b7bc7dde53495c68d40b0ba4c9278634e40d4af96acd872a0df5ce
SHA512a6eb376eba783cb0c911413ab92cee3299ed1821bfa896fd51498d8168962eb89789a6ef1609d56f1705e6bfce64212b4ffb7017e6d13fe3dbe08cafeddfd149
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD58c2ad354b0c1b32050a430badf9e16fc
SHA1fb77f97e9c8ccb8cf7626034fadf07952e904cb6
SHA2565ca0ad9fb071e457cfaa51b75f64c3fa35812286fafb0c7ae863350858296c41
SHA5122a10af637200c86a25ee3f5f1ed783163a882446bf5e677bcbfba1dcc70bc661de99f0a1ebef76bcb662e7aa9b02fdfd7987174ba281c50a388562712f1858df
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exeFilesize
72KB
MD521d6f4bfee6f15fb7753f9fe02a6606b
SHA11f02d7ee42b289b092ff947cded7c6df6d73b1ae
SHA256fac8f945dcd6539bfba1252b344f95226302d0666459ed166f025e56c82ff879
SHA51247634b3fb152afbdd5ac32f5ab735e7a2559aa8de14e7749aa87f5c1bb6a0a2f1b34c3a4186211bb35dd6431cd3a2dfa5f0f67412ba9400778def0fc04465118
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5185479ba50ad96d6524f85536f03c7d8
SHA156a3e95cb7049fe0e68634aaa11ac11a8fd9719e
SHA2569757457030011825cd49c0e5b89bd63aa4fe7831e26d170e6a8cf3ea5b06ff91
SHA51278fa37dca6282c94d1b045acd982e1da46c5d24716fcd01501c863b89053bd997b16c34ad1de427cc6fc1df35919ec0e268996181c7f9d714f372b55867b5de9
-
\Program Files\backup.exeFilesize
72KB
MD53c584e04015b55e0056e91bc0441c97b
SHA113527fa8733da0778a8ffff05365ab190564ae11
SHA2560850abe9060956159bf887abd6d944287a194fe110077ce707c7dd5dc0037a08
SHA51259afee4bde375421e4ba9b5f2a57133371774e5cf2e13290e8de5f88596c0a3e65a6e9f0495e76ffa8fe3dc6760f37b237ba2879849c51fb82d706be4d2c26b9
-
\Program Files\backup.exeFilesize
72KB
MD53c584e04015b55e0056e91bc0441c97b
SHA113527fa8733da0778a8ffff05365ab190564ae11
SHA2560850abe9060956159bf887abd6d944287a194fe110077ce707c7dd5dc0037a08
SHA51259afee4bde375421e4ba9b5f2a57133371774e5cf2e13290e8de5f88596c0a3e65a6e9f0495e76ffa8fe3dc6760f37b237ba2879849c51fb82d706be4d2c26b9
-
\Users\Admin\AppData\Local\Temp\848848657\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\848848657\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD52262c8e054050f397adfa4d17c208eaf
SHA122da8ddfc2ac370ba0016eaf537e9b0fb6fcfede
SHA256fe4328e26543290efc3f6d419badfed2ec6d52373c3f2bd274fccd284983fb53
SHA512e5cb3b5feab4ae1d595c5099642b8a4a48ee25871794462666718f1628e7bca13dc6d8a134bb3ef9d2273b6747a55313bb7f43d70e7ef2c890fcc5d0414ec3fe
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5ac117a249c94ecf6caa72a6fb711b873
SHA107f7f1c83426310fb285e26e67f1450b4279eeb2
SHA2562e5062b57bb2a75e37f12bcacc54c768a95d52cea0d4c605638d7883244b2fce
SHA512cac81029efe08fb637bbf7adcb6850cae3c4e7666cb4fa2e53b63a33773d193caa6a193da1b12cb1a526df814d3cb25fcb8f7a38324d9ec2021a42317cc18d97
-
memory/268-259-0x0000000000000000-mapping.dmp
-
memory/300-219-0x0000000000000000-mapping.dmp
-
memory/308-222-0x0000000000000000-mapping.dmp
-
memory/320-262-0x0000000000000000-mapping.dmp
-
memory/320-64-0x0000000000000000-mapping.dmp
-
memory/328-237-0x0000000000000000-mapping.dmp
-
memory/432-228-0x0000000000000000-mapping.dmp
-
memory/560-274-0x0000000000000000-mapping.dmp
-
memory/568-179-0x0000000000000000-mapping.dmp
-
memory/572-70-0x0000000000000000-mapping.dmp
-
memory/592-201-0x0000000000000000-mapping.dmp
-
memory/592-286-0x0000000000000000-mapping.dmp
-
memory/608-249-0x0000000000000000-mapping.dmp
-
memory/824-301-0x0000000000000000-mapping.dmp
-
memory/828-76-0x0000000000000000-mapping.dmp
-
memory/888-243-0x0000000000000000-mapping.dmp
-
memory/892-253-0x0000000000000000-mapping.dmp
-
memory/996-58-0x0000000000000000-mapping.dmp
-
memory/1052-106-0x0000000000000000-mapping.dmp
-
memory/1060-282-0x0000000000000000-mapping.dmp
-
memory/1096-287-0x0000000000000000-mapping.dmp
-
memory/1108-174-0x0000000000000000-mapping.dmp
-
memory/1136-119-0x0000000000000000-mapping.dmp
-
memory/1160-100-0x0000000000000000-mapping.dmp
-
memory/1184-225-0x0000000000000000-mapping.dmp
-
memory/1232-240-0x0000000000000000-mapping.dmp
-
memory/1280-231-0x0000000000000000-mapping.dmp
-
memory/1352-195-0x0000000000000000-mapping.dmp
-
memory/1352-280-0x0000000000000000-mapping.dmp
-
memory/1380-155-0x0000000000000000-mapping.dmp
-
memory/1436-268-0x0000000000000000-mapping.dmp
-
memory/1440-265-0x0000000000000000-mapping.dmp
-
memory/1468-277-0x0000000000000000-mapping.dmp
-
memory/1468-191-0x0000000000000000-mapping.dmp
-
memory/1516-82-0x0000000000000000-mapping.dmp
-
memory/1536-213-0x0000000000000000-mapping.dmp
-
memory/1536-296-0x0000000000000000-mapping.dmp
-
memory/1544-198-0x0000000000000000-mapping.dmp
-
memory/1596-204-0x0000000000000000-mapping.dmp
-
memory/1608-250-0x0000000000000000-mapping.dmp
-
memory/1636-295-0x0000000000000000-mapping.dmp
-
memory/1640-88-0x0000000000000000-mapping.dmp
-
memory/1652-207-0x0000000000000000-mapping.dmp
-
memory/1656-304-0x0000000000000000-mapping.dmp
-
memory/1668-134-0x0000000000000000-mapping.dmp
-
memory/1672-140-0x0000000000000000-mapping.dmp
-
memory/1700-307-0x0000000000000000-mapping.dmp
-
memory/1748-168-0x0000000000000000-mapping.dmp
-
memory/1748-256-0x0000000000000000-mapping.dmp
-
memory/1772-246-0x0000000000000000-mapping.dmp
-
memory/1784-161-0x0000000000000000-mapping.dmp
-
memory/1788-185-0x0000000000000000-mapping.dmp
-
memory/1840-127-0x0000000000000000-mapping.dmp
-
memory/1888-182-0x0000000000000000-mapping.dmp
-
memory/1916-292-0x0000000000000000-mapping.dmp
-
memory/1924-188-0x0000000000000000-mapping.dmp
-
memory/1928-210-0x0000000000000000-mapping.dmp
-
memory/1932-271-0x0000000000000000-mapping.dmp
-
memory/1936-92-0x0000000000000000-mapping.dmp
-
memory/1956-120-0x0000000075DF1000-0x0000000075DF3000-memory.dmpFilesize
8KB
-
memory/1956-150-0x0000000074B91000-0x0000000074B93000-memory.dmpFilesize
8KB
-
memory/2000-113-0x0000000000000000-mapping.dmp
-
memory/2004-216-0x0000000000000000-mapping.dmp
-
memory/2012-234-0x0000000000000000-mapping.dmp
-
memory/2032-308-0x0000000000000000-mapping.dmp
-
memory/2036-147-0x0000000000000000-mapping.dmp