Overview

overview

10

Static

static

8d538d8ad8...b6.exe

windows7-x64

10

8d538d8ad8...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2022, 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d538d8ad835529322f11f596a990aaef0dba9bfea17b576e451fadf82b062b6.exe

  • Size

    72KB

  • MD5

    00ab915645ab259270a7b240eed62420

  • SHA1

    c3a8ace8c8fce6fa34d388f259bb81e033cde5da

  • SHA256

    8d538d8ad835529322f11f596a990aaef0dba9bfea17b576e451fadf82b062b6

  • SHA512

    789914e5ff954bbad9a40f12276d8163f1b4a9e00d886d5176035aa5e5244f9af60dbc1852521c30000669832173a840a7c5554b817c6bb7079860d0a5a0ba22

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2T:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPH

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 36 IoCs
    evasion
  • Disables RegEdit via registry modification 64 IoCs
    evasion
  • Executes dropped EXE 56 IoCs
  • Loads dropped DLL 64 IoCs
  • Drops file in Program Files directory 42 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 64 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d538d8ad835529322f11f596a990aaef0dba9bfea17b576e451fadf82b062b6.exe
    "C:\Users\Admin\AppData\Local\Temp\8d538d8ad835529322f11f596a990aaef0dba9bfea17b576e451fadf82b062b6.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:744
    • C:\Users\Admin\AppData\Local\Temp\2651074012\backup.exe
      C:\Users\Admin\AppData\Local\Temp\2651074012\backup.exe C:\Users\Admin\AppData\Local\Temp\2651074012\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1932
      • C:\backup.exe
        \backup.exe \
        3⤵
        • Modifies visibility of file extensions in Explorer
        • Disables RegEdit via registry modification
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:1532
        • C:\PerfLogs\backup.exe
          C:\PerfLogs\backup.exe C:\PerfLogs\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1364
          • C:\PerfLogs\Admin\backup.exe
            C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            • System policy modification
            PID:1204
        • C:\Program Files\backup.exe
          "C:\Program Files\backup.exe" C:\Program Files\
          4⤵
          • Modifies visibility of file extensions in Explorer
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1736
          • C:\Program Files\7-Zip\backup.exe
            "C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1104
            • C:\Program Files\7-Zip\Lang\data.exe
              "C:\Program Files\7-Zip\Lang\data.exe" C:\Program Files\7-Zip\Lang\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              • System policy modification
              PID:2012
          • C:\Program Files\Common Files\backup.exe
            "C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
            5⤵
            • Modifies visibility of file extensions in Explorer
            • Disables RegEdit via registry modification
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1816
            • C:\Program Files\Common Files\Microsoft Shared\backup.exe
              "C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\
              6⤵
              • Modifies visibility of file extensions in Explorer
              • Disables RegEdit via registry modification
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:1172
              • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1676
              • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
                "C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
                7⤵
                • Modifies visibility of file extensions in Explorer
                • Disables RegEdit via registry modification
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:948
                • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1128
                • C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:2040
                • C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1992
                • C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:908
                • C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1448
                • C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1696
                • C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1444
                • C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:776
                • C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1460
                • C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:1536
                • C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
                  8⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:340
                • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe
                  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:1280
                  • C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\
                    9⤵
                      PID:1756
                  • C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
                    8⤵
                      PID:1524
                  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
                    7⤵
                    • Executes dropped EXE
                    PID:1552
                  • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe
                    "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\data.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
                    7⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Drops file in Program Files directory
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1396
                    • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe
                      "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\
                      8⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:1644
                  • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\
                    7⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1980
                  • C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe
                    "C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\
                    7⤵
                      PID:1880
                  • C:\Program Files\Common Files\Services\backup.exe
                    "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
                    6⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:364
                  • C:\Program Files\Common Files\SpeechEngines\backup.exe
                    "C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
                    6⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Drops file in Program Files directory
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1204
                    • C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe
                      "C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\
                      7⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:1004
                  • C:\Program Files\Common Files\System\backup.exe
                    "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:908
                • C:\Program Files\DVD Maker\backup.exe
                  "C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
                  5⤵
                  • Modifies visibility of file extensions in Explorer
                  • Disables RegEdit via registry modification
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  • Suspicious use of SetWindowsHookEx
                  • System policy modification
                  PID:524
                  • C:\Program Files\DVD Maker\de-DE\backup.exe
                    "C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\
                    6⤵
                    • Modifies visibility of file extensions in Explorer
                    • Disables RegEdit via registry modification
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    • System policy modification
                    PID:1904
                  • C:\Program Files\DVD Maker\en-US\backup.exe
                    "C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1148
                  • C:\Program Files\DVD Maker\es-ES\backup.exe
                    "C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:2044
                  • C:\Program Files\DVD Maker\fr-FR\backup.exe
                    "C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:684
                  • C:\Program Files\DVD Maker\it-IT\backup.exe
                    "C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1424
                  • C:\Program Files\DVD Maker\ja-JP\backup.exe
                    "C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\
                    6⤵
                      PID:1492
                  • C:\Program Files\Google\backup.exe
                    "C:\Program Files\Google\backup.exe" C:\Program Files\Google\
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1940
                  • C:\Program Files\Internet Explorer\backup.exe
                    "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1732
                  • C:\Program Files\Java\backup.exe
                    "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1664
                  • C:\Program Files\Microsoft Games\backup.exe
                    "C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:1884
                    • C:\Program Files\Microsoft Games\Chess\backup.exe
                      "C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\
                      6⤵
                        PID:1368
                    • C:\Program Files\Microsoft Office\backup.exe
                      "C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\
                      5⤵
                        PID:860
                        • C:\Program Files\Microsoft Office\Office14\backup.exe
                          "C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\
                          6⤵
                            PID:1456
                      • C:\Program Files (x86)\backup.exe
                        "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
                        4⤵
                        • Modifies visibility of file extensions in Explorer
                        • Disables RegEdit via registry modification
                        • Executes dropped EXE
                        • Drops file in Program Files directory
                        • Suspicious use of SetWindowsHookEx
                        • System policy modification
                        PID:1576
                        • C:\Program Files (x86)\Adobe\backup.exe
                          "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
                          5⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Drops file in Program Files directory
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:1924
                          • C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe
                            "C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
                            6⤵
                            • Executes dropped EXE
                            • Suspicious use of SetWindowsHookEx
                            PID:952
                        • C:\Program Files (x86)\Common Files\backup.exe
                          "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
                          5⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:1976
                        • C:\Program Files (x86)\Google\backup.exe
                          "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
                          5⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:664
                        • C:\Program Files (x86)\Internet Explorer\backup.exe
                          "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
                          5⤵
                            PID:1400
                            • C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe
                              "C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\
                              6⤵
                                PID:1404
                          • C:\Users\backup.exe
                            C:\Users\backup.exe C:\Users\
                            4⤵
                            • Modifies visibility of file extensions in Explorer
                            • Disables RegEdit via registry modification
                            • Executes dropped EXE
                            • Suspicious use of SetWindowsHookEx
                            PID:1104
                            • C:\Users\Admin\backup.exe
                              C:\Users\Admin\backup.exe C:\Users\Admin\
                              5⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:1676
                            • C:\Users\Public\backup.exe
                              C:\Users\Public\backup.exe C:\Users\Public\
                              5⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:1984
                              • C:\Users\Public\Documents\backup.exe
                                C:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\
                                6⤵
                                  PID:1996
                            • C:\Windows\backup.exe
                              C:\Windows\backup.exe C:\Windows\
                              4⤵
                              • Executes dropped EXE
                              • Suspicious use of SetWindowsHookEx
                              PID:2040
                        • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                          C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
                          2⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:1480
                        • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                          C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
                          2⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:2024
                        • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                          "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
                          2⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:2028
                        • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                          "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
                          2⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:1696
                        • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                          C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
                          2⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:1112
                        • C:\Users\Admin\AppData\Local\Temp\WPDNSE\data.exe
                          C:\Users\Admin\AppData\Local\Temp\WPDNSE\data.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
                          2⤵
                          • Modifies visibility of file extensions in Explorer
                          • Disables RegEdit via registry modification
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          • System policy modification
                          PID:1956

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\PerfLogs\Admin\backup.exe
                        Filesize

                        72KB

                        MD5

                        ea8d8bd7dddd7f510d4ca7263904a5d9

                        SHA1

                        fc4c80a16467f8b4a9ccc7231f1bfc24d6071e3e

                        SHA256

                        a4deeec4f8402feb5db4a90e894007e9ce5beac80770d4f3fae1c2fc79f2ce59

                        SHA512

                        b66598e356c8ff6b4b7c3d4c2d3a7f071a53968ed36df45372ea8202ed165edae9b07859686e1adc08aa7c207bdd1db804be0411d67b183ccfeb7dd4e7e9d626

                        Download Submit

                      • C:\PerfLogs\backup.exe
                        Filesize

                        72KB

                        MD5

                        37d9aea5ef67e67cabc1fbea7de2e27a

                        SHA1

                        9e700065136d8ac46f68b4f182f972ed3dcb7213

                        SHA256

                        26d1be26e64d6aa8cf4e8f0154d1ec6d2e12913645de130afc8c80157e84426c

                        SHA512

                        44cd0c39a62afb29de90d999a2880ea1432e80c4d3401473b46299513b90a96b69c8bc80b68f1fb947b789a6901dfaed5e92e02d093a0ec7d0b2b8f2410a0551

                        Download Submit

                      • C:\PerfLogs\backup.exe
                        Filesize

                        72KB

                        MD5

                        37d9aea5ef67e67cabc1fbea7de2e27a

                        SHA1

                        9e700065136d8ac46f68b4f182f972ed3dcb7213

                        SHA256

                        26d1be26e64d6aa8cf4e8f0154d1ec6d2e12913645de130afc8c80157e84426c

                        SHA512

                        44cd0c39a62afb29de90d999a2880ea1432e80c4d3401473b46299513b90a96b69c8bc80b68f1fb947b789a6901dfaed5e92e02d093a0ec7d0b2b8f2410a0551

                        Download Submit

                      • C:\Program Files\7-Zip\Lang\data.exe
                        Filesize

                        72KB

                        MD5

                        bce18a68dd07f29b93c02d503a2c8fc9

                        SHA1

                        089d4437799c8930f56b124e8d87c4b149f266fb

                        SHA256

                        cfff9cdf1aa54ef176abe02b8b41e503de6bde4252da90f36bd09448f3ab4787

                        SHA512

                        0f672b2df0ab983a180d9f96897c3379e471d844909bd7c08c0053893def46d2b6d1bc2e439427c1f281d1b41dc32fdada77a1c6e4539c74766a25f9cb539c93

                        Download Submit

                      • C:\Program Files\7-Zip\backup.exe
                        Filesize

                        72KB

                        MD5

                        62af09e85da2f61295b53f086abcfc3b

                        SHA1

                        7a3fd16227fbac08dea686608b0d257b54c2bd7c

                        SHA256

                        31bd936bfcfea615a5dfe39bb7abdc29aa2afd2ca61618f9b074123fe2e7ef49

                        SHA512

                        9bcfe0091b39f0340c57df1cb924d89b9bf14ced844fa029718d2768902b7fb8289ce3d811e560551f68dfce121514bb0015518c18153264eb76e02187cd8064

                        Download Submit

                      • C:\Program Files\7-Zip\backup.exe
                        Filesize

                        72KB

                        MD5

                        62af09e85da2f61295b53f086abcfc3b

                        SHA1

                        7a3fd16227fbac08dea686608b0d257b54c2bd7c

                        SHA256

                        31bd936bfcfea615a5dfe39bb7abdc29aa2afd2ca61618f9b074123fe2e7ef49

                        SHA512

                        9bcfe0091b39f0340c57df1cb924d89b9bf14ced844fa029718d2768902b7fb8289ce3d811e560551f68dfce121514bb0015518c18153264eb76e02187cd8064

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\backup.exe
                        Filesize

                        72KB

                        MD5

                        b6e64a84d3c278cdafd44170d0410883

                        SHA1

                        bd5087fde5a294d818a65c676db0421fb5a29185

                        SHA256

                        d5d8f6d7f710a4ca73d9238704ba91a096906c7339a66b85ec8750e94524b602

                        SHA512

                        4993e1093383ffb2cafebf2bf9ef50fe948ab4a510606a6c0d1860e76fcc309bb85f4e3c45997d1d9b108d146714aae6e05edee1739f7554348a28c6baf99f9c

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\backup.exe
                        Filesize

                        72KB

                        MD5

                        b6e64a84d3c278cdafd44170d0410883

                        SHA1

                        bd5087fde5a294d818a65c676db0421fb5a29185

                        SHA256

                        d5d8f6d7f710a4ca73d9238704ba91a096906c7339a66b85ec8750e94524b602

                        SHA512

                        4993e1093383ffb2cafebf2bf9ef50fe948ab4a510606a6c0d1860e76fcc309bb85f4e3c45997d1d9b108d146714aae6e05edee1739f7554348a28c6baf99f9c

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                        Filesize

                        72KB

                        MD5

                        33b9657ad1a9fc91605ac54e02d4bcff

                        SHA1

                        b3fcba540dcf3e681171e21a3a199b3bf7d418c5

                        SHA256

                        3fbf9a9220c83a148f1498cf6268c53a767c4adc25680bca0b8df6c0cdeba1e2

                        SHA512

                        851f84ae47ad71d12111efccc971c734ef82677137820bc4f9349af80ce6b177659f744129a081c377ce10de642d848fcae3f730adfd7c22b4e6d975cec30612

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • C:\Program Files\Common Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        d43a4a47e8cd9a1740d602413a97d4c9

                        SHA1

                        f9bca646495445d50c630cac359c8f60de250ac8

                        SHA256

                        782ec3053f882bb3f1712cf61f9fcc9810542987bac1963a3d253782264a64c7

                        SHA512

                        6cc218241b04a3282102e22cfce48b9be826080017beeb754534fd471f70e5a58f90e98e6ba1fb81f589854dd5ddbfb146bfeb9c48738367628bdb82d84f3d02

                        Download Submit

                      • C:\Program Files\Common Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        d43a4a47e8cd9a1740d602413a97d4c9

                        SHA1

                        f9bca646495445d50c630cac359c8f60de250ac8

                        SHA256

                        782ec3053f882bb3f1712cf61f9fcc9810542987bac1963a3d253782264a64c7

                        SHA512

                        6cc218241b04a3282102e22cfce48b9be826080017beeb754534fd471f70e5a58f90e98e6ba1fb81f589854dd5ddbfb146bfeb9c48738367628bdb82d84f3d02

                        Download Submit

                      • C:\Program Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        0ae227cd62b6d07b9c7a255a16c8098a

                        SHA1

                        500fc8917c30ee92f087230cda37adae81f3a8f3

                        SHA256

                        5f6e2f6bae10ae1d6a5391e154139158fd84f6a1df4008121329e8aabdc3c880

                        SHA512

                        33eaa3497715df75c7142a2fbc8c33f629038105322fd3fe781d434ee5c1c27b2c1209e51f278ab4e52ba9158db79f98a396f5ecc95d9467a6f136e26f2266d2

                        Download Submit

                      • C:\Program Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        0ae227cd62b6d07b9c7a255a16c8098a

                        SHA1

                        500fc8917c30ee92f087230cda37adae81f3a8f3

                        SHA256

                        5f6e2f6bae10ae1d6a5391e154139158fd84f6a1df4008121329e8aabdc3c880

                        SHA512

                        33eaa3497715df75c7142a2fbc8c33f629038105322fd3fe781d434ee5c1c27b2c1209e51f278ab4e52ba9158db79f98a396f5ecc95d9467a6f136e26f2266d2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\2651074012\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\2651074012\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\WPDNSE\data.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • C:\backup.exe
                        Filesize

                        72KB

                        MD5

                        26f8f6a9d210126934ab357df50d88d6

                        SHA1

                        f89bd3083a2f5c943ebe535fe7c599a461592503

                        SHA256

                        3a6c43947c033db49820b4a8bf56fc621d053fd3273aa570e8d5077582efd144

                        SHA512

                        3c3c695355cf088e66bc0c04ad0239b576e23bcd4b20fa5f12a56fd879d774c953cebeb0d266ee150a7b7a8294b5a5f4c52f1a3824fe5dd1cc3652d6dbb374d3

                        Download Submit

                      • C:\backup.exe
                        Filesize

                        72KB

                        MD5

                        26f8f6a9d210126934ab357df50d88d6

                        SHA1

                        f89bd3083a2f5c943ebe535fe7c599a461592503

                        SHA256

                        3a6c43947c033db49820b4a8bf56fc621d053fd3273aa570e8d5077582efd144

                        SHA512

                        3c3c695355cf088e66bc0c04ad0239b576e23bcd4b20fa5f12a56fd879d774c953cebeb0d266ee150a7b7a8294b5a5f4c52f1a3824fe5dd1cc3652d6dbb374d3

                        Download Submit

                      • \PerfLogs\Admin\backup.exe
                        Filesize

                        72KB

                        MD5

                        ea8d8bd7dddd7f510d4ca7263904a5d9

                        SHA1

                        fc4c80a16467f8b4a9ccc7231f1bfc24d6071e3e

                        SHA256

                        a4deeec4f8402feb5db4a90e894007e9ce5beac80770d4f3fae1c2fc79f2ce59

                        SHA512

                        b66598e356c8ff6b4b7c3d4c2d3a7f071a53968ed36df45372ea8202ed165edae9b07859686e1adc08aa7c207bdd1db804be0411d67b183ccfeb7dd4e7e9d626

                        Download Submit

                      • \PerfLogs\Admin\backup.exe
                        Filesize

                        72KB

                        MD5

                        ea8d8bd7dddd7f510d4ca7263904a5d9

                        SHA1

                        fc4c80a16467f8b4a9ccc7231f1bfc24d6071e3e

                        SHA256

                        a4deeec4f8402feb5db4a90e894007e9ce5beac80770d4f3fae1c2fc79f2ce59

                        SHA512

                        b66598e356c8ff6b4b7c3d4c2d3a7f071a53968ed36df45372ea8202ed165edae9b07859686e1adc08aa7c207bdd1db804be0411d67b183ccfeb7dd4e7e9d626

                        Download Submit

                      • \PerfLogs\backup.exe
                        Filesize

                        72KB

                        MD5

                        37d9aea5ef67e67cabc1fbea7de2e27a

                        SHA1

                        9e700065136d8ac46f68b4f182f972ed3dcb7213

                        SHA256

                        26d1be26e64d6aa8cf4e8f0154d1ec6d2e12913645de130afc8c80157e84426c

                        SHA512

                        44cd0c39a62afb29de90d999a2880ea1432e80c4d3401473b46299513b90a96b69c8bc80b68f1fb947b789a6901dfaed5e92e02d093a0ec7d0b2b8f2410a0551

                        Download Submit

                      • \PerfLogs\backup.exe
                        Filesize

                        72KB

                        MD5

                        37d9aea5ef67e67cabc1fbea7de2e27a

                        SHA1

                        9e700065136d8ac46f68b4f182f972ed3dcb7213

                        SHA256

                        26d1be26e64d6aa8cf4e8f0154d1ec6d2e12913645de130afc8c80157e84426c

                        SHA512

                        44cd0c39a62afb29de90d999a2880ea1432e80c4d3401473b46299513b90a96b69c8bc80b68f1fb947b789a6901dfaed5e92e02d093a0ec7d0b2b8f2410a0551

                        Download Submit

                      • \Program Files\7-Zip\Lang\data.exe
                        Filesize

                        72KB

                        MD5

                        bce18a68dd07f29b93c02d503a2c8fc9

                        SHA1

                        089d4437799c8930f56b124e8d87c4b149f266fb

                        SHA256

                        cfff9cdf1aa54ef176abe02b8b41e503de6bde4252da90f36bd09448f3ab4787

                        SHA512

                        0f672b2df0ab983a180d9f96897c3379e471d844909bd7c08c0053893def46d2b6d1bc2e439427c1f281d1b41dc32fdada77a1c6e4539c74766a25f9cb539c93

                        Download Submit

                      • \Program Files\7-Zip\Lang\data.exe
                        Filesize

                        72KB

                        MD5

                        bce18a68dd07f29b93c02d503a2c8fc9

                        SHA1

                        089d4437799c8930f56b124e8d87c4b149f266fb

                        SHA256

                        cfff9cdf1aa54ef176abe02b8b41e503de6bde4252da90f36bd09448f3ab4787

                        SHA512

                        0f672b2df0ab983a180d9f96897c3379e471d844909bd7c08c0053893def46d2b6d1bc2e439427c1f281d1b41dc32fdada77a1c6e4539c74766a25f9cb539c93

                        Download Submit

                      • \Program Files\7-Zip\backup.exe
                        Filesize

                        72KB

                        MD5

                        62af09e85da2f61295b53f086abcfc3b

                        SHA1

                        7a3fd16227fbac08dea686608b0d257b54c2bd7c

                        SHA256

                        31bd936bfcfea615a5dfe39bb7abdc29aa2afd2ca61618f9b074123fe2e7ef49

                        SHA512

                        9bcfe0091b39f0340c57df1cb924d89b9bf14ced844fa029718d2768902b7fb8289ce3d811e560551f68dfce121514bb0015518c18153264eb76e02187cd8064

                        Download Submit

                      • \Program Files\7-Zip\backup.exe
                        Filesize

                        72KB

                        MD5

                        62af09e85da2f61295b53f086abcfc3b

                        SHA1

                        7a3fd16227fbac08dea686608b0d257b54c2bd7c

                        SHA256

                        31bd936bfcfea615a5dfe39bb7abdc29aa2afd2ca61618f9b074123fe2e7ef49

                        SHA512

                        9bcfe0091b39f0340c57df1cb924d89b9bf14ced844fa029718d2768902b7fb8289ce3d811e560551f68dfce121514bb0015518c18153264eb76e02187cd8064

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\Filters\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\backup.exe
                        Filesize

                        72KB

                        MD5

                        b6e64a84d3c278cdafd44170d0410883

                        SHA1

                        bd5087fde5a294d818a65c676db0421fb5a29185

                        SHA256

                        d5d8f6d7f710a4ca73d9238704ba91a096906c7339a66b85ec8750e94524b602

                        SHA512

                        4993e1093383ffb2cafebf2bf9ef50fe948ab4a510606a6c0d1860e76fcc309bb85f4e3c45997d1d9b108d146714aae6e05edee1739f7554348a28c6baf99f9c

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\backup.exe
                        Filesize

                        72KB

                        MD5

                        b6e64a84d3c278cdafd44170d0410883

                        SHA1

                        bd5087fde5a294d818a65c676db0421fb5a29185

                        SHA256

                        d5d8f6d7f710a4ca73d9238704ba91a096906c7339a66b85ec8750e94524b602

                        SHA512

                        4993e1093383ffb2cafebf2bf9ef50fe948ab4a510606a6c0d1860e76fcc309bb85f4e3c45997d1d9b108d146714aae6e05edee1739f7554348a28c6baf99f9c

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                        Filesize

                        72KB

                        MD5

                        33b9657ad1a9fc91605ac54e02d4bcff

                        SHA1

                        b3fcba540dcf3e681171e21a3a199b3bf7d418c5

                        SHA256

                        3fbf9a9220c83a148f1498cf6268c53a767c4adc25680bca0b8df6c0cdeba1e2

                        SHA512

                        851f84ae47ad71d12111efccc971c734ef82677137820bc4f9349af80ce6b177659f744129a081c377ce10de642d848fcae3f730adfd7c22b4e6d975cec30612

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
                        Filesize

                        72KB

                        MD5

                        33b9657ad1a9fc91605ac54e02d4bcff

                        SHA1

                        b3fcba540dcf3e681171e21a3a199b3bf7d418c5

                        SHA256

                        3fbf9a9220c83a148f1498cf6268c53a767c4adc25680bca0b8df6c0cdeba1e2

                        SHA512

                        851f84ae47ad71d12111efccc971c734ef82677137820bc4f9349af80ce6b177659f744129a081c377ce10de642d848fcae3f730adfd7c22b4e6d975cec30612

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\ink\backup.exe
                        Filesize

                        72KB

                        MD5

                        6ce9edd1c2be1fd6b58c9b1e9bd9acf5

                        SHA1

                        f0c807929a85ba789515176bbca838a7a596c40a

                        SHA256

                        48a8781268c23f2b05b14b945c67189a5ed598466d9f7bdcac5eecd883ec2a2a

                        SHA512

                        fb4cadabc3e999c75faaa10274fee477d35d3de87160a73a2ed3facf280229a3844781a4bf2dbffbd3a7501b33cc55933455483e6db3ffa8f19c6f017822763b

                        Download Submit

                      • \Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
                        Filesize

                        72KB

                        MD5

                        33b9657ad1a9fc91605ac54e02d4bcff

                        SHA1

                        b3fcba540dcf3e681171e21a3a199b3bf7d418c5

                        SHA256

                        3fbf9a9220c83a148f1498cf6268c53a767c4adc25680bca0b8df6c0cdeba1e2

                        SHA512

                        851f84ae47ad71d12111efccc971c734ef82677137820bc4f9349af80ce6b177659f744129a081c377ce10de642d848fcae3f730adfd7c22b4e6d975cec30612

                        Download Submit

                      • \Program Files\Common Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        d43a4a47e8cd9a1740d602413a97d4c9

                        SHA1

                        f9bca646495445d50c630cac359c8f60de250ac8

                        SHA256

                        782ec3053f882bb3f1712cf61f9fcc9810542987bac1963a3d253782264a64c7

                        SHA512

                        6cc218241b04a3282102e22cfce48b9be826080017beeb754534fd471f70e5a58f90e98e6ba1fb81f589854dd5ddbfb146bfeb9c48738367628bdb82d84f3d02

                        Download Submit

                      • \Program Files\Common Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        d43a4a47e8cd9a1740d602413a97d4c9

                        SHA1

                        f9bca646495445d50c630cac359c8f60de250ac8

                        SHA256

                        782ec3053f882bb3f1712cf61f9fcc9810542987bac1963a3d253782264a64c7

                        SHA512

                        6cc218241b04a3282102e22cfce48b9be826080017beeb754534fd471f70e5a58f90e98e6ba1fb81f589854dd5ddbfb146bfeb9c48738367628bdb82d84f3d02

                        Download Submit

                      • \Program Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        0ae227cd62b6d07b9c7a255a16c8098a

                        SHA1

                        500fc8917c30ee92f087230cda37adae81f3a8f3

                        SHA256

                        5f6e2f6bae10ae1d6a5391e154139158fd84f6a1df4008121329e8aabdc3c880

                        SHA512

                        33eaa3497715df75c7142a2fbc8c33f629038105322fd3fe781d434ee5c1c27b2c1209e51f278ab4e52ba9158db79f98a396f5ecc95d9467a6f136e26f2266d2

                        Download Submit

                      • \Program Files\backup.exe
                        Filesize

                        72KB

                        MD5

                        0ae227cd62b6d07b9c7a255a16c8098a

                        SHA1

                        500fc8917c30ee92f087230cda37adae81f3a8f3

                        SHA256

                        5f6e2f6bae10ae1d6a5391e154139158fd84f6a1df4008121329e8aabdc3c880

                        SHA512

                        33eaa3497715df75c7142a2fbc8c33f629038105322fd3fe781d434ee5c1c27b2c1209e51f278ab4e52ba9158db79f98a396f5ecc95d9467a6f136e26f2266d2

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\2651074012\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\2651074012\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Low\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Low\backup.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\WPDNSE\data.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\WPDNSE\data.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe
                        Filesize

                        72KB

                        MD5

                        472beb0f1a6526f1d5b2f69145cffca3

                        SHA1

                        8696d3e398ab1462cbdcee89766c0bc61a267339

                        SHA256

                        60423f02d84bbed28defd94e2496eff645f21bdb8f7e0368d26542ac825592f7

                        SHA512

                        4a30d3140ed730ff6340661466801cad1e4dbce07768e498dc733c529a87c270642d483d6fd614dbd09196f16c3cc7d81d7eeeedaf1cfc380a68126f7cb59cfd

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • \Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
                        Filesize

                        72KB

                        MD5

                        08c6b8e3cd369ddec2a6284c7117d293

                        SHA1

                        49a6370d8a9875d464976921a161be31848632ca

                        SHA256

                        c0681f93eaade61100635204f60d3c322198ca3df3b7b05a12d36e6512629445

                        SHA512

                        36096a130055b90e687b1d082ad6615ee20e7bc88a50abbd537a1dc5962d9b096d561ffa7dc60b36c0cc94bc78049f54936f824637c8b73a6a24328ecfaa5ba4

                        Download Submit

                      • memory/744-108-0x0000000074661000-0x0000000074663000-memory.dmp

                        Filesize

                        8KB

                        Download

                      • memory/1480-66-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

                        Filesize

                        8KB

                        Download