Overview

overview

10

Static

static

2c474479d4...f0.exe

windows7-x64

10

2c474479d4...f0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    252s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 14:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c474479d41914214db1a52619fa56b741310708aa0d50a9b94ddf2501a54df0.exe

  • Size

    72KB

  • MD5

    04bcd39be011d2e07e736573d74802fe

  • SHA1

    7ae9f84e5be856a0c9a51b8516c6eddad00df8d9

  • SHA256

    2c474479d41914214db1a52619fa56b741310708aa0d50a9b94ddf2501a54df0

  • SHA512

    e432030174543463a2261476291a53a1604b372937c8bddac77cf7a07d7e466f6a819b2d0b521cacdb04fe4f16bc0177581d00f0fc7d5d31345cad1aa1be1b61

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf23:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPD

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 36 IoCs
    evasion
  • Disables RegEdit via registry modification 64 IoCs
    evasion
  • Executes dropped EXE 60 IoCs
  • Loads dropped DLL 64 IoCs
  • Drops file in Program Files directory 48 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 61 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 64 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c474479d41914214db1a52619fa56b741310708aa0d50a9b94ddf2501a54df0.exe
    "C:\Users\Admin\AppData\Local\Temp\2c474479d41914214db1a52619fa56b741310708aa0d50a9b94ddf2501a54df0.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:692
    • C:\Users\Admin\AppData\Local\Temp\3183229442\backup.exe
      C:\Users\Admin\AppData\Local\Temp\3183229442\backup.exe C:\Users\Admin\AppData\Local\Temp\3183229442\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1472
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Modifies visibility of file extensions in Explorer
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:1536
        • C:\PerfLogs\System Restore.exe
          "C:\PerfLogs\System Restore.exe" C:\PerfLogs\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:804
          • C:\PerfLogs\Admin\backup.exe
            C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            • System policy modification
            PID:1708
        • C:\Program Files\backup.exe
          "C:\Program Files\backup.exe" C:\Program Files\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1304
          • C:\Program Files\7-Zip\backup.exe
            "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1964
            • C:\Program Files\7-Zip\Lang\backup.exe
              "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:1912
          • C:\Program Files\Common Files\backup.exe
            "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1240
            • C:\Program Files\Common Files\Microsoft Shared\backup.exe
              "C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:1460
              • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1176
              • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1872
                • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:816
                • C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1696
                • C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1524
                • C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1528
                • C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1204
                • C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1140
                • C:\Program Files\Common Files\Microsoft Shared\ink\en-US\update.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\en-US\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1936
                • C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1928
                • C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:532
                • C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1372
                • C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1884
                • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:824
                • C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1892
                • C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1728
              • C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:2008
              • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:1528
              • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:1368
            • C:\Program Files\Common Files\Services\backup.exe
              "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:644
            • C:\Program Files\Common Files\SpeechEngines\backup.exe
              "C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:936
            • C:\Program Files\Common Files\System\backup.exe
              "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:2024
          • C:\Program Files\DVD Maker\backup.exe
            "C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • System policy modification
            PID:852
            • C:\Program Files\DVD Maker\de-DE\backup.exe
              "C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:804
          • C:\Program Files\Google\backup.exe
            "C:\Program Files\Google\backup.exe" C:\Program Files\Google\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1448
          • C:\Program Files\Internet Explorer\backup.exe
            "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1944
          • C:\Program Files\Java\backup.exe
            "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1584
        • C:\Program Files (x86)\backup.exe
          "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          • System policy modification
          PID:1544
          • C:\Program Files (x86)\Adobe\backup.exe
            "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • System policy modification
            PID:1704
            • C:\Program Files (x86)\Adobe\Reader 9.0\update.exe
              "C:\Program Files (x86)\Adobe\Reader 9.0\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:2044
              • C:\Program Files (x86)\Adobe\Reader 9.0\Esl\System Restore.exe
                "C:\Program Files (x86)\Adobe\Reader 9.0\Esl\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1584
              • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe
                "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1220
                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe
                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1616
                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe
                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1500
                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe
                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1468
                • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe
                  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1684
              • C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe
                "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1692
              • C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe
                "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:2028
          • C:\Program Files (x86)\Common Files\backup.exe
            "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • System policy modification
            PID:316
            • C:\Program Files (x86)\Common Files\Adobe\backup.exe
              "C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:1928
          • C:\Program Files (x86)\Google\backup.exe
            "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1960
          • C:\Program Files (x86)\Internet Explorer\backup.exe
            "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:960
          • C:\Program Files (x86)\Microsoft Analysis Services\backup.exe
            "C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1688
        • C:\Users\backup.exe
          C:\Users\backup.exe C:\Users\
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1880
        • C:\Windows\backup.exe
          C:\Windows\backup.exe C:\Windows\
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:924
    • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
      C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:1572
    • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:872
    • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:1684
    • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:924
    • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
      C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:2024
    • C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
      C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:1336

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PerfLogs\Admin\backup.exe
    Filesize

    72KB

    MD5

    64d1cbac1e02f65d7c8669bb8dd642b9

    SHA1

    d96c6b69a1d5f2cf2a52919ec176bf28a790198f

    SHA256

    0c09440c7ebdce55014a5c5c4f6674ed7ac89d4f3439aa3036bf883140cf5593

    SHA512

    9bc8a1cd32c1522701c99634680ee1a3fd6275535ea0bed46f48c765fb8035cbf0b7d507e8c90b2980e2527e963a47832cd12a78de133a08231ccaf75d9fdf37

    Download Submit

  • C:\PerfLogs\System Restore.exe
    Filesize

    72KB

    MD5

    7066bc77fd04ee8849f46fe229a5c5df

    SHA1

    6a2fc113f22d962e9764891fcb87f5140de853e0

    SHA256

    54720c9a725f47daa9c7756bd53700107e4cff3e98f477852406e8dd6e16f6c2

    SHA512

    1eaed58fe97f7a01d0f12feed3e2da9e4855c401f9dd78587e4cb1b3f4c966a86849c433463df7c303926d8e5ef3108aeec4604eaf961be1efdd3093ef1c353b

    Download Submit

  • C:\PerfLogs\System Restore.exe
    Filesize

    72KB

    MD5

    7066bc77fd04ee8849f46fe229a5c5df

    SHA1

    6a2fc113f22d962e9764891fcb87f5140de853e0

    SHA256

    54720c9a725f47daa9c7756bd53700107e4cff3e98f477852406e8dd6e16f6c2

    SHA512

    1eaed58fe97f7a01d0f12feed3e2da9e4855c401f9dd78587e4cb1b3f4c966a86849c433463df7c303926d8e5ef3108aeec4604eaf961be1efdd3093ef1c353b

    Download Submit

  • C:\Program Files\7-Zip\Lang\backup.exe
    Filesize

    72KB

    MD5

    136062077e87f41d7b9980d40c5f099f

    SHA1

    5afc4ca03d3516c1720ce35b123deed91f4f642c

    SHA256

    74c5d0ac979c86c8852b65beb5674b67904c28a1c45faaf99e24b9e5eac358b3

    SHA512

    24d3052a01ec8e2cf1d5825c20ebdbe053e63b8ed25e2e5ea3b6c9f6cc2c533d86f421f4b2b752f8efda94d4ae45a9e4984a57feb19843c1b7ecb74e1cde4662

    Download Submit

  • C:\Program Files\7-Zip\backup.exe
    Filesize

    72KB

    MD5

    025dc6ac5bf659dcee13a27d39baefb9

    SHA1

    a695a28c8c7fe270e27050c5e74374fd39885f9c

    SHA256

    4520b372e5abe9db9f76157f787a9036a5ab81279113382a695ff653634ed87b

    SHA512

    41c868b3a98b396276c8d137816b20530bc718a4f4f3d36fc8176e6ffc7f747c65574f3486318c06452ea1e5e78aaf07d8ef00725c6289968e6eb76866eadb24

    Download Submit

  • C:\Program Files\7-Zip\backup.exe
    Filesize

    72KB

    MD5

    025dc6ac5bf659dcee13a27d39baefb9

    SHA1

    a695a28c8c7fe270e27050c5e74374fd39885f9c

    SHA256

    4520b372e5abe9db9f76157f787a9036a5ab81279113382a695ff653634ed87b

    SHA512

    41c868b3a98b396276c8d137816b20530bc718a4f4f3d36fc8176e6ffc7f747c65574f3486318c06452ea1e5e78aaf07d8ef00725c6289968e6eb76866eadb24

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\backup.exe
    Filesize

    72KB

    MD5

    01f0e9767b6094aca106269ebfc82768

    SHA1

    704eb05bcafa75a7ee4b1cc7e83450777445882b

    SHA256

    5bd00baf0ca76b5a8567e097f8dbac00d11a46baeb1930f2c26d7dbf0d30851f

    SHA512

    cdc3ac0e7e72d16dd180832ae7d8eb15f7b6c17ac4419f96ca7cd38f8484c571fe9a78ea2675fb0370966e74ca1df2526cb9d20c469eb720766e21e28b5af22c

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\backup.exe
    Filesize

    72KB

    MD5

    01f0e9767b6094aca106269ebfc82768

    SHA1

    704eb05bcafa75a7ee4b1cc7e83450777445882b

    SHA256

    5bd00baf0ca76b5a8567e097f8dbac00d11a46baeb1930f2c26d7dbf0d30851f

    SHA512

    cdc3ac0e7e72d16dd180832ae7d8eb15f7b6c17ac4419f96ca7cd38f8484c571fe9a78ea2675fb0370966e74ca1df2526cb9d20c469eb720766e21e28b5af22c

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • C:\Program Files\Common Files\backup.exe
    Filesize

    72KB

    MD5

    ce0f28a48eb6c0081458d6075b93ac72

    SHA1

    0630ea04ecf8a45db6f3e5a4c73d117e221d8128

    SHA256

    58f865c9672553f69efe0e8c09050fa094f479407b34c96ce8bf031ba1d13690

    SHA512

    ae8e923158096fbc3340d7f4fc715509f435b8c5c554e4136500fefca99c98d85b2895fd7c1a3e318515e3f9444aad381fa427ce8ca8d3609d2b1e2e27722061

    Download Submit

  • C:\Program Files\Common Files\backup.exe
    Filesize

    72KB

    MD5

    ce0f28a48eb6c0081458d6075b93ac72

    SHA1

    0630ea04ecf8a45db6f3e5a4c73d117e221d8128

    SHA256

    58f865c9672553f69efe0e8c09050fa094f479407b34c96ce8bf031ba1d13690

    SHA512

    ae8e923158096fbc3340d7f4fc715509f435b8c5c554e4136500fefca99c98d85b2895fd7c1a3e318515e3f9444aad381fa427ce8ca8d3609d2b1e2e27722061

    Download Submit

  • C:\Program Files\backup.exe
    Filesize

    72KB

    MD5

    7f28154fded66bc0cfe740ff70061102

    SHA1

    d278452ff76aa1f494c11fae2ae8c3d4301a5725

    SHA256

    158ffeaf01b2c8843c72d08e9b38a9f7ddf7a7f1b9c1bf0ed7a84af6c30d24c0

    SHA512

    23fbde68309ecb5006098c5622d5d383398240d12338ca7e549bc2d273dc722945cdf352781c2ee1f8b954c4f165d8b5b18d832c1a7e8a2dee99783269039dc3

    Download Submit

  • C:\Program Files\backup.exe
    Filesize

    72KB

    MD5

    7f28154fded66bc0cfe740ff70061102

    SHA1

    d278452ff76aa1f494c11fae2ae8c3d4301a5725

    SHA256

    158ffeaf01b2c8843c72d08e9b38a9f7ddf7a7f1b9c1bf0ed7a84af6c30d24c0

    SHA512

    23fbde68309ecb5006098c5622d5d383398240d12338ca7e549bc2d273dc722945cdf352781c2ee1f8b954c4f165d8b5b18d832c1a7e8a2dee99783269039dc3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3183229442\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3183229442\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    857326c3aa3d362f66fc7bf21de340ec

    SHA1

    9a5257fa7df9164a9d0c96061914c70608af11d1

    SHA256

    78167494ad53b7a7133865aea8e25e671264167939b45bd2a7a9f79afe98dce0

    SHA512

    16ce7194a531bd3bea4392425728f31af6dfd594da43b343fd9a8a758e05de07175efc0c79eb360f32a1b23d79596109fab98c64f2f8177b599afdf7a447feed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    53a08317d6655731ee05f6906d58952f

    SHA1

    9c585987ba06a68ec7f0866d8aff5767cb3463f2

    SHA256

    ddbb174c82a6ca50c4047095b6cb3ad83908e113e47eb6af34bb75fa936a391f

    SHA512

    b64aa37eb5f14952cb73f5233515eb937e9d5c2a4d9a3e2e8ffe98b2e2f5655e310f84a5836a00cbd634c8c9f020f7dfe519adca20f2ce96c1ef651db0a48a3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
    Filesize

    72KB

    MD5

    03db9047675f764b1c0b79b47c68da37

    SHA1

    36035dc990210b49b05f46ff7da764a8b86b9f1e

    SHA256

    8f3a4a7b1fc8e44be1628432cf867b66d07f17a7745f125c86b5b102d96cacea

    SHA512

    96432a7ac766ba659f80d7b840cfe9bdfef176f69725985bf0df7da10bde122fe4fe596f6083eeba6ba4df0a7f4be4e6ac2621b626184f6ac661d1e2a7025635

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
    Filesize

    72KB

    MD5

    59c8cc9927113af2398af5ebde810d36

    SHA1

    1688c9556183e4ff2821ea2e31dd1ea58d73e087

    SHA256

    8b182f3a27d9b6a899eb465619a1062f262b6911c16a66894ae188d5b2f51172

    SHA512

    5bad503075378bceca0a33bd6fb14ed35a2b012ceee6c0880e34ad8af100e17e2253de7279b73611809596d423236c215d3c54d41dcee380bc5df4dc7cc631b8

    Download Submit

  • C:\backup.exe
    Filesize

    72KB

    MD5

    67a2f7b0a25220b8a58d9f5fd7528c81

    SHA1

    235626058fe5db14d5caab31050b7d4b165b26c5

    SHA256

    40aa421dc7271f8ef92a1d62e93dd80fe61ba9eba58d7567038b566e483c4249

    SHA512

    4ab55e45ffe9d9113251ed3da63e32231e153966ab65e07a10371fcc1a5c958e931b44766ff6b6789e06c800ce41c39bb624ec58c80a2e0b012c09020aa7e173

    Download Submit

  • C:\backup.exe
    Filesize

    72KB

    MD5

    67a2f7b0a25220b8a58d9f5fd7528c81

    SHA1

    235626058fe5db14d5caab31050b7d4b165b26c5

    SHA256

    40aa421dc7271f8ef92a1d62e93dd80fe61ba9eba58d7567038b566e483c4249

    SHA512

    4ab55e45ffe9d9113251ed3da63e32231e153966ab65e07a10371fcc1a5c958e931b44766ff6b6789e06c800ce41c39bb624ec58c80a2e0b012c09020aa7e173

    Download Submit

  • \PerfLogs\Admin\backup.exe
    Filesize

    72KB

    MD5

    64d1cbac1e02f65d7c8669bb8dd642b9

    SHA1

    d96c6b69a1d5f2cf2a52919ec176bf28a790198f

    SHA256

    0c09440c7ebdce55014a5c5c4f6674ed7ac89d4f3439aa3036bf883140cf5593

    SHA512

    9bc8a1cd32c1522701c99634680ee1a3fd6275535ea0bed46f48c765fb8035cbf0b7d507e8c90b2980e2527e963a47832cd12a78de133a08231ccaf75d9fdf37

    Download Submit

  • \PerfLogs\Admin\backup.exe
    Filesize

    72KB

    MD5

    64d1cbac1e02f65d7c8669bb8dd642b9

    SHA1

    d96c6b69a1d5f2cf2a52919ec176bf28a790198f

    SHA256

    0c09440c7ebdce55014a5c5c4f6674ed7ac89d4f3439aa3036bf883140cf5593

    SHA512

    9bc8a1cd32c1522701c99634680ee1a3fd6275535ea0bed46f48c765fb8035cbf0b7d507e8c90b2980e2527e963a47832cd12a78de133a08231ccaf75d9fdf37

    Download Submit

  • \PerfLogs\System Restore.exe
    Filesize

    72KB

    MD5

    7066bc77fd04ee8849f46fe229a5c5df

    SHA1

    6a2fc113f22d962e9764891fcb87f5140de853e0

    SHA256

    54720c9a725f47daa9c7756bd53700107e4cff3e98f477852406e8dd6e16f6c2

    SHA512

    1eaed58fe97f7a01d0f12feed3e2da9e4855c401f9dd78587e4cb1b3f4c966a86849c433463df7c303926d8e5ef3108aeec4604eaf961be1efdd3093ef1c353b

    Download Submit

  • \PerfLogs\System Restore.exe
    Filesize

    72KB

    MD5

    7066bc77fd04ee8849f46fe229a5c5df

    SHA1

    6a2fc113f22d962e9764891fcb87f5140de853e0

    SHA256

    54720c9a725f47daa9c7756bd53700107e4cff3e98f477852406e8dd6e16f6c2

    SHA512

    1eaed58fe97f7a01d0f12feed3e2da9e4855c401f9dd78587e4cb1b3f4c966a86849c433463df7c303926d8e5ef3108aeec4604eaf961be1efdd3093ef1c353b

    Download Submit

  • \Program Files\7-Zip\Lang\backup.exe
    Filesize

    72KB

    MD5

    136062077e87f41d7b9980d40c5f099f

    SHA1

    5afc4ca03d3516c1720ce35b123deed91f4f642c

    SHA256

    74c5d0ac979c86c8852b65beb5674b67904c28a1c45faaf99e24b9e5eac358b3

    SHA512

    24d3052a01ec8e2cf1d5825c20ebdbe053e63b8ed25e2e5ea3b6c9f6cc2c533d86f421f4b2b752f8efda94d4ae45a9e4984a57feb19843c1b7ecb74e1cde4662

    Download Submit

  • \Program Files\7-Zip\Lang\backup.exe
    Filesize

    72KB

    MD5

    136062077e87f41d7b9980d40c5f099f

    SHA1

    5afc4ca03d3516c1720ce35b123deed91f4f642c

    SHA256

    74c5d0ac979c86c8852b65beb5674b67904c28a1c45faaf99e24b9e5eac358b3

    SHA512

    24d3052a01ec8e2cf1d5825c20ebdbe053e63b8ed25e2e5ea3b6c9f6cc2c533d86f421f4b2b752f8efda94d4ae45a9e4984a57feb19843c1b7ecb74e1cde4662

    Download Submit

  • \Program Files\7-Zip\backup.exe
    Filesize

    72KB

    MD5

    025dc6ac5bf659dcee13a27d39baefb9

    SHA1

    a695a28c8c7fe270e27050c5e74374fd39885f9c

    SHA256

    4520b372e5abe9db9f76157f787a9036a5ab81279113382a695ff653634ed87b

    SHA512

    41c868b3a98b396276c8d137816b20530bc718a4f4f3d36fc8176e6ffc7f747c65574f3486318c06452ea1e5e78aaf07d8ef00725c6289968e6eb76866eadb24

    Download Submit

  • \Program Files\7-Zip\backup.exe
    Filesize

    72KB

    MD5

    025dc6ac5bf659dcee13a27d39baefb9

    SHA1

    a695a28c8c7fe270e27050c5e74374fd39885f9c

    SHA256

    4520b372e5abe9db9f76157f787a9036a5ab81279113382a695ff653634ed87b

    SHA512

    41c868b3a98b396276c8d137816b20530bc718a4f4f3d36fc8176e6ffc7f747c65574f3486318c06452ea1e5e78aaf07d8ef00725c6289968e6eb76866eadb24

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\backup.exe
    Filesize

    72KB

    MD5

    01f0e9767b6094aca106269ebfc82768

    SHA1

    704eb05bcafa75a7ee4b1cc7e83450777445882b

    SHA256

    5bd00baf0ca76b5a8567e097f8dbac00d11a46baeb1930f2c26d7dbf0d30851f

    SHA512

    cdc3ac0e7e72d16dd180832ae7d8eb15f7b6c17ac4419f96ca7cd38f8484c571fe9a78ea2675fb0370966e74ca1df2526cb9d20c469eb720766e21e28b5af22c

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\backup.exe
    Filesize

    72KB

    MD5

    01f0e9767b6094aca106269ebfc82768

    SHA1

    704eb05bcafa75a7ee4b1cc7e83450777445882b

    SHA256

    5bd00baf0ca76b5a8567e097f8dbac00d11a46baeb1930f2c26d7dbf0d30851f

    SHA512

    cdc3ac0e7e72d16dd180832ae7d8eb15f7b6c17ac4419f96ca7cd38f8484c571fe9a78ea2675fb0370966e74ca1df2526cb9d20c469eb720766e21e28b5af22c

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
    Filesize

    72KB

    MD5

    1a59f7e6a37c7d0f1e4e2f4d3a1e42ab

    SHA1

    6a82f2bee56d72f071d2801c8d99be15fa6f0232

    SHA256

    51c0f537ebf3a2f0f5f9a70e72e65333dfff7ea5bc4ca99e8a34d36f8760262d

    SHA512

    4eac8aec4af93cbcccbbdafeee9ad12ff1266991d80bb629793c55dee0200764cdeda2ee65f69306d76c1d9388baca63e0e7dfd158a7e07c053270c2afe43e42

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\ink\bg-BG\update.exe
    Filesize

    72KB

    MD5

    45f263f71879b792bf976e8e0573cb78

    SHA1

    fa5574c1578bfac0f1aea729147ffc2cb1393394

    SHA256

    48c24be017d406893ac70d56c451600bbf1f6658a7f37ec524c4e762bf29dc00

    SHA512

    e4e0a001e68f1a0e5be7227b1a3f1b3d83115337751b85d289a28af15f7c776dace8d81283f7c9f1d272caff00bcd69cd1008ed5a2305a56957aa145e578813b

    Download Submit

  • \Program Files\Common Files\backup.exe
    Filesize

    72KB

    MD5

    ce0f28a48eb6c0081458d6075b93ac72

    SHA1

    0630ea04ecf8a45db6f3e5a4c73d117e221d8128

    SHA256

    58f865c9672553f69efe0e8c09050fa094f479407b34c96ce8bf031ba1d13690

    SHA512

    ae8e923158096fbc3340d7f4fc715509f435b8c5c554e4136500fefca99c98d85b2895fd7c1a3e318515e3f9444aad381fa427ce8ca8d3609d2b1e2e27722061

    Download Submit

  • \Program Files\Common Files\backup.exe
    Filesize

    72KB

    MD5

    ce0f28a48eb6c0081458d6075b93ac72

    SHA1

    0630ea04ecf8a45db6f3e5a4c73d117e221d8128

    SHA256

    58f865c9672553f69efe0e8c09050fa094f479407b34c96ce8bf031ba1d13690

    SHA512

    ae8e923158096fbc3340d7f4fc715509f435b8c5c554e4136500fefca99c98d85b2895fd7c1a3e318515e3f9444aad381fa427ce8ca8d3609d2b1e2e27722061

    Download Submit

  • \Program Files\backup.exe
    Filesize

    72KB

    MD5

    7f28154fded66bc0cfe740ff70061102

    SHA1

    d278452ff76aa1f494c11fae2ae8c3d4301a5725

    SHA256

    158ffeaf01b2c8843c72d08e9b38a9f7ddf7a7f1b9c1bf0ed7a84af6c30d24c0

    SHA512

    23fbde68309ecb5006098c5622d5d383398240d12338ca7e549bc2d273dc722945cdf352781c2ee1f8b954c4f165d8b5b18d832c1a7e8a2dee99783269039dc3

    Download Submit

  • \Program Files\backup.exe
    Filesize

    72KB

    MD5

    7f28154fded66bc0cfe740ff70061102

    SHA1

    d278452ff76aa1f494c11fae2ae8c3d4301a5725

    SHA256

    158ffeaf01b2c8843c72d08e9b38a9f7ddf7a7f1b9c1bf0ed7a84af6c30d24c0

    SHA512

    23fbde68309ecb5006098c5622d5d383398240d12338ca7e549bc2d273dc722945cdf352781c2ee1f8b954c4f165d8b5b18d832c1a7e8a2dee99783269039dc3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3183229442\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3183229442\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Low\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    857326c3aa3d362f66fc7bf21de340ec

    SHA1

    9a5257fa7df9164a9d0c96061914c70608af11d1

    SHA256

    78167494ad53b7a7133865aea8e25e671264167939b45bd2a7a9f79afe98dce0

    SHA512

    16ce7194a531bd3bea4392425728f31af6dfd594da43b343fd9a8a758e05de07175efc0c79eb360f32a1b23d79596109fab98c64f2f8177b599afdf7a447feed

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    857326c3aa3d362f66fc7bf21de340ec

    SHA1

    9a5257fa7df9164a9d0c96061914c70608af11d1

    SHA256

    78167494ad53b7a7133865aea8e25e671264167939b45bd2a7a9f79afe98dce0

    SHA512

    16ce7194a531bd3bea4392425728f31af6dfd594da43b343fd9a8a758e05de07175efc0c79eb360f32a1b23d79596109fab98c64f2f8177b599afdf7a447feed

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    53a08317d6655731ee05f6906d58952f

    SHA1

    9c585987ba06a68ec7f0866d8aff5767cb3463f2

    SHA256

    ddbb174c82a6ca50c4047095b6cb3ad83908e113e47eb6af34bb75fa936a391f

    SHA512

    b64aa37eb5f14952cb73f5233515eb937e9d5c2a4d9a3e2e8ffe98b2e2f5655e310f84a5836a00cbd634c8c9f020f7dfe519adca20f2ce96c1ef651db0a48a3d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
    Filesize

    72KB

    MD5

    53a08317d6655731ee05f6906d58952f

    SHA1

    9c585987ba06a68ec7f0866d8aff5767cb3463f2

    SHA256

    ddbb174c82a6ca50c4047095b6cb3ad83908e113e47eb6af34bb75fa936a391f

    SHA512

    b64aa37eb5f14952cb73f5233515eb937e9d5c2a4d9a3e2e8ffe98b2e2f5655e310f84a5836a00cbd634c8c9f020f7dfe519adca20f2ce96c1ef651db0a48a3d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
    Filesize

    72KB

    MD5

    03db9047675f764b1c0b79b47c68da37

    SHA1

    36035dc990210b49b05f46ff7da764a8b86b9f1e

    SHA256

    8f3a4a7b1fc8e44be1628432cf867b66d07f17a7745f125c86b5b102d96cacea

    SHA512

    96432a7ac766ba659f80d7b840cfe9bdfef176f69725985bf0df7da10bde122fe4fe596f6083eeba6ba4df0a7f4be4e6ac2621b626184f6ac661d1e2a7025635

    Download Submit

  • \Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
    Filesize

    72KB

    MD5

    03db9047675f764b1c0b79b47c68da37

    SHA1

    36035dc990210b49b05f46ff7da764a8b86b9f1e

    SHA256

    8f3a4a7b1fc8e44be1628432cf867b66d07f17a7745f125c86b5b102d96cacea

    SHA512

    96432a7ac766ba659f80d7b840cfe9bdfef176f69725985bf0df7da10bde122fe4fe596f6083eeba6ba4df0a7f4be4e6ac2621b626184f6ac661d1e2a7025635

    Download Submit

  • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
    Filesize

    72KB

    MD5

    5ff1ff75d93e384b85cd3c1a8b7b8cdb

    SHA1

    404faa35dd543ffcef234b7138d88e5e7fbee346

    SHA256

    d235d53678087e36b6489883d55deee624c7fbc2341b49f70ea9ebda53f42633

    SHA512

    43a73501a08359398f02f36fc3963c111efd4f9fae1c2d4bb814d49c4d21fe9ea107c5271fc97332b272ad6b2a1b8ff89acd1a748a88dc3645ecc1e91e06de87

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
    Filesize

    72KB

    MD5

    59c8cc9927113af2398af5ebde810d36

    SHA1

    1688c9556183e4ff2821ea2e31dd1ea58d73e087

    SHA256

    8b182f3a27d9b6a899eb465619a1062f262b6911c16a66894ae188d5b2f51172

    SHA512

    5bad503075378bceca0a33bd6fb14ed35a2b012ceee6c0880e34ad8af100e17e2253de7279b73611809596d423236c215d3c54d41dcee380bc5df4dc7cc631b8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
    Filesize

    72KB

    MD5

    59c8cc9927113af2398af5ebde810d36

    SHA1

    1688c9556183e4ff2821ea2e31dd1ea58d73e087

    SHA256

    8b182f3a27d9b6a899eb465619a1062f262b6911c16a66894ae188d5b2f51172

    SHA512

    5bad503075378bceca0a33bd6fb14ed35a2b012ceee6c0880e34ad8af100e17e2253de7279b73611809596d423236c215d3c54d41dcee380bc5df4dc7cc631b8

    Download Submit

  • memory/692-151-0x0000000074381000-0x0000000074383000-memory.dmp

    Filesize

    8KB

    Download

  • memory/692-134-0x0000000074E61000-0x0000000074E63000-memory.dmp

    Filesize

    8KB

    Download