SmartHawk

3.0

中危

该样本未表现出任何异常！

重新分析

下载样本

0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd

0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe

分析耗时

134s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.66	Unknown	0.22s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

Time & API	Arguments	Status	Return	Repeated
1727545339.719375 GlobalMemoryStatusEx		success	1	0

Time & API	Arguments	Status
1727545342.156375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1635560 registers.ecx: 2 registers.edx: 0 registers.ebx: 8865344 registers.esp: 1635560 registers.ebp: 1635640 registers.esi: 8865344 registers.edi: 8865344 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545342.188375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1635360 registers.ecx: 2 registers.edx: 0 registers.ebx: 8865344 registers.esp: 1635360 registers.ebp: 1635440 registers.esi: 8865344 registers.edi: 8865344 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545282.249875 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 8603808 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 8603808 registers.edi: 8603808 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545282.655875 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 4933888 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 4933888 registers.edi: 4933888 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545283.047125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5982368 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5982368 registers.edi: 5982368 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545344.827625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5718712 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5718712 registers.edi: 5718712 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545283.469 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5720224 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5720224 registers.edi: 5720224 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.84425 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5128888 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5128888 registers.edi: 5128888 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.827625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 2704424 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 2704424 registers.edi: 2704424 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545283.89125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5064864 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5064864 registers.edi: 5064864 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.328125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5916832 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5916832 registers.edi: 5916832 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.8125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5099200 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5099200 registers.edi: 5099200 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.749625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5916832 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5916832 registers.edi: 5916832 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545284.8125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5750544 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5750544 registers.edi: 5750544 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545285.1405 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5523616 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5523616 registers.edi: 5523616 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.171625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 8733472 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 8733472 registers.edi: 8733472 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545285.578125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 4999328 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 4999328 registers.edi: 4999328 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545285.594375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 3359496 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 3359496 registers.edi: 3359496 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545285.984 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5064864 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5064864 registers.edi: 5064864 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.062625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5063432 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5063432 registers.edi: 5063432 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545286.344375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 6112200 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 6112200 registers.edi: 6112200 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545286.344 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 2705568 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 2705568 registers.edi: 2705568 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545286.734 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5916832 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5916832 registers.edi: 5916832 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545286.672 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5260288 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5260288 registers.edi: 5260288 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.06275 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5658112 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5658112 registers.edi: 5658112 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.078375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 3098784 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 3098784 registers.edi: 3098784 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.171625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 9126840 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 9126840 registers.edi: 9126840 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.499625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 8865944 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 8865944 registers.edi: 8865944 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.797375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5981328 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5981328 registers.edi: 5981328 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545287.87525 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 8865952 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 8865952 registers.edi: 8865952 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.15575 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 4932736 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 4932736 registers.edi: 4932736 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.234 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 3360928 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 3360928 registers.edi: 3360928 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545291.31275 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 8864312 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 8864312 registers.edi: 8864312 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.594375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 3361024 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 3361024 registers.edi: 3361024 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.891125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 3296640 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 3296640 registers.edi: 3296640 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545288.938375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 9128096 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 9128096 registers.edi: 9128096 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.266125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5980864 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5980864 registers.edi: 5980864 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545289.31275 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5785760 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5785760 registers.edi: 5785760 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545289.593875 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5718776 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5718776 registers.edi: 5718776 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545289.703375 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 2705568 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 2705568 registers.edi: 2705568 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545289.938 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5391136 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5391136 registers.edi: 5391136 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.04675 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5130480 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5130480 registers.edi: 5130480 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.26575 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5391112 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5391112 registers.edi: 5391112 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.406125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 2705568 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 2705568 registers.edi: 2705568 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545291.2965 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5849832 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5849832 registers.edi: 5849832 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.797125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 2836640 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 2836640 registers.edi: 2836640 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545290.952625 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 9126944 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 9126944 registers.edi: 9126944 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545291.15575 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 5785760 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 5785760 registers.edi: 5785760 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545291.29675 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 6177808 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 6177808 registers.edi: 6177808 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success
1727545291.531125 __exception__	exception.address: 0x76e8b727 exception.instruction: leave exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.exception_code: 0xc000008f registers.eax: 1636572 registers.ecx: 2 registers.edx: 0 registers.ebx: 6244512 registers.esp: 1636572 registers.ebp: 1636652 registers.esi: 6244512 registers.edi: 6244512 stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228	success

Time & API	Arguments	Status
1727545340.203375 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03670000 region_size: 4096 allocation_type: 4096 (MEM_COMMIT) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545284.3125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1960	success
1727545284.3585 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1960	success
1727545284.3905 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1960	success
1727545284.7185 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2424	success
1727545284.7495 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2424	success
1727545284.7805 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2424	success
1727545286.96875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1848	success
1727545286.98375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1848	success
1727545287.01575 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1848	success
1727545288.813125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2944	success
1727545288.844125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2944	success
1727545288.859125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2944	success
1727545292.5775 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 816	success
1727545292.5935 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 816	success
1727545292.6245 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 816	success
1727545292.9215 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2980	success
1727545292.9525 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2980	success
1727545292.9835 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2980	success
1727545293.3125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1592	success
1727545293.3435 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1592	success
1727545293.3745 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1592	success
1727545293.671875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2788	success
1727545293.702875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2788	success
1727545293.733875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 2788	success
1727545294.030875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3096	success
1727545294.046875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3096	success
1727545294.077875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3096	success
1727545294.405875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3160	success
1727545294.452875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3160	success
1727545294.468875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3160	success
1727545294.797125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3248	success
1727545294.813125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3248	success
1727545294.828125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3248	success
1727545295.109 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3336	success
1727545295.156 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3336	success
1727545295.172 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3336	success
1727545295.563125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3424	success
1727545295.594125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3424	success
1727545295.625125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3424	success
1727545295.969375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3544	success
1727545296.000375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3544	success
1727545296.016375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3544	success
1727545296.313125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3624	success
1727545296.344125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3624	success
1727545296.375125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3624	success
1727545296.703125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3712	success
1727545296.719125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x72591000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3712	success
1727545296.766125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x738a1000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3712	success
1727545297.094375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x74d51000 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3796	success

Time & API	Arguments	Status	Return	Repeated
1727545342.219375 SetFileAttributesW	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath: C:\Users\Administrator\AppData\Local\Temp\0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.zip filepath_r: C:\Users\Administrator\AppData\Local\Temp\0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.zip	success	1	0

Time & API	Arguments	Status
1727545281.344375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00360000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 3028	success
1727545281.375375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00360000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 3028	success
1727545281.780875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 920	success
1727545281.812875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 920	success
1727545282.140875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1260	success
1727545282.171875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1260	success
1727545282.530875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2228	success
1727545282.546875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2228	success
1727545282.938125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003c0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2492	success
1727545282.969125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003c0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2492	success
1727545283.108625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1836	success
1727545283.108625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1836	success
1727545283.344 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00510000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1920	success
1727545283.375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00510000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1920	success
1727545283.39125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 952	success
1727545283.42225 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 952	success
1727545283.733625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x01c10000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2476	success
1727545283.749625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x01c10000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2476	success
1727545283.76625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00440000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1012	success
1727545283.79725 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00440000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1012	success
1727545284.203125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1148	success
1727545284.234125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1148	success
1727545284.3125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1960	success
1727545284.3435 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1960	success
1727545284.624625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2592	success
1727545284.655625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2592	success
1727545284.7025 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00680000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2424	success
1727545284.7335 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00680000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2424	success
1727545285.0305 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2836	success
1727545285.0465 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00420000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2836	success
1727545285.108625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00390000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2080	success
1727545285.140625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00390000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2080	success
1727545285.438125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2644	success
1727545285.469125 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2644	success
1727545285.469375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x004e0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2844	success
1727545285.500375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x004e0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2844	success
1727545285.859 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00440000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2420	success
1727545285.875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00440000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2420	success
1727545285.874625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2084	success
1727545285.905625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x003d0000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2084	success
1727545286.219375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00350000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2352	success
1727545286.250375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00350000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2352	success
1727545286.234 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00520000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1372	success
1727545286.25 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00520000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1372	success
1727545286.609 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00540000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2136	success
1727545286.641 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00540000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2136	success
1727545286.594 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2472	success
1727545286.609 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 2472	success
1727545286.95275 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 24576 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1848	success
1727545286.98375 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00430000 length: 40960 protection: 32 (PAGE_EXECUTE_READ) process_identifier: 1848	success

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2009-01-06 12:02:14

PE Imphash

1f75ee5de8ac0c77c6e43508555114fe

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
UPX0	0x00001000	0x00010000	0x00000000	0.0
UPX1	0x00011000	0x00004000	0x00003e00	7.804677160000417
.rsrc	0x00015000	0x00006000	0x00005e00	4.19218612720756

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x0001a4f8	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_GROUP_ICON	0x0001a964	0x0000005c	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_VERSION	0x0001a9c4	0x00000224	LANG_ENGLISH	SUBLANG_ENGLISH_US	None

Imports

Library KERNEL32.DLL:

• 0x41ac24 LoadLibraryA

• 0x41ac28 ExitProcess

• 0x41ac2c GetProcAddress

• 0x41ac30 VirtualProtect

Library MSVBVM60.DLL:

• 0x41ac38 None

L!This program cannot be run in DOS mode.
sisisi
ldsiRichsi
/S%L]"
(H2222
`|X22220L4D2222
h2222T@tx2222lp<P22228
Project1
frm_main
sMmg#3
<Z5u]_+
pkm3\k(wSM4
v`L0[$P
d4H{\u'G@
7t<s:3?
#l#CuTx#|C
$jv]yGd8X
hZas<o
uk<TpW
DSSS]voO
g.O_}t
/stun$%12V44)
/Z[qBabcd
ef/Yg}!}Yh.V8
(YZZ[a((/
NEFGHK
X'3*z
J[6`o39
?chh74Xd
;hh<\{
3([[+g&p[
Cp-Bgd
kxr|30$4xQ
vm(#tfsK'hT
tWd(tK'
+d8hn4k
{*lzD!w@gylz/
`cDOE!gYjji
D\2^~7j'@
v^wJgL
I56789:<#$>
U-m]`]yG+m
;loB's
:R{o]G:
no{~#
;Y6]^_`a
"OPQRSTUV=G
%;<=>>?@AB
i|eL4$
z"g'd
R9:(Hi
F7zeJ/
(7sz`iF1#
Cf8i:s&
qWfID3s
OntsoV
x(\jEs&t_
liZXzm
h4gzW
YKDf,?
MroWzp
("G}!l3
!;o/@.3wS3vc
{v;C%]u
/B6qs.P'|C{M
dC&!*@
PGLU.([!p
vwryq]J4[
t^B0#K
elQXdKVq|#O!
~>LWD;
7~irC/*GB:b
5_G`SG+
ffllZ{vHh[x
EOt{Q[w4
o%Z:n7S?
kX6Zfm]sdlp5H
n;~Ys,g
|VYCi}Q4t`e}
tq^HP#K)
vcOkdu
`R)c[5X
6+j!`{st
YZ~jLwd
J?etD_^
Form1vg
$HT~_ f{chh
g ]c((t
\b|m4]S
0 Az4tm
I^\@@-VB5!*
lj@tt#\YxJ
HmusicvnWV
rosoft Windowsf
PoL54$
x02 'T
2At,AN
~}qA}|@O
q08/Yj
pwTnK(~nOn=
(s*xGK8
#\?deX#
&oo5uE
%/yp`l(X[t+
/q+ 1rk
[I|#pus
Df=3hD<
K}+Nzz
0n;Oza/`c
module
egistry
untilW
checkM1
f4n@3K
(/R}`U
F;M"-KZj.=h
+3qC:\L
gram Fis\<Vz/)ual Studio\VB98
6.OL\hg
0|In[@
gd#BVh[
3Kk!nel32
^(CeMu
6bgOykw
RTHsG@0G(0
ZNCx4Sr
<HdCd'#"
~@HKr$/
kY8\AcVcO
d=42F7i
cAnDLL[
'C*Z|4%H[x8!
WINDOWS\sy)
em\msvbvm60.l\3^
a4api1
gSetV^ueE
Open KeyHGl2$
JFoH;a
d)_/KSav@N~C 
Fstrror
EnumGX!
TokK(4qivFg.
+VupI',
^lkcs3
GFCAurrDtQ
wCr/]}
in'dzr
zGp!1I+4
xK/bC+msttFM
h1 v[dm
uccNF+d
g+sKQpJH
QMp"t_
DCM<;agZGD,
4Td#Post8
O`WsAW
TextAGh\2$
GLxgth+^r Ohp
,bONjH_]a
u Est!`
[0_xvzc
o5MGrwrc%C1m]
X.y,x8'
t4l:nl
2*#pa{
pl.p#ttgPp1/
(JX(+W
Pwxz4a0>$d
oex})P5
1@gPT"
q<R9l-qS/l
p!1(kG
(<]/Y,
'9:#NLV:u:SfNq
@%I`w!%
wL`cKXf&|
i;~66s
W%ZBa~A
<640`F
*<8*.F*B+
<D&`{!E$
8ut.fva
@tB&/4w
d8s+pfhDD68
#^qa_,
*%Fk&g4X
QCbMS}
Y<*l0L\x
9c(t=7:
oGo<bn
tXn?$WX`]#
i(rdH/8
!hK"'#X
XE@|dU
H[sw*\`
#5l0HU
/ov8%A31@
>;\?A3
@M(]{<
B2YQ`[\`
c$a\\<'X\X\$Y.
XXBjBBbXkM
l0dC-!v:
[a sIpClW
C7\D@& 
PPLPddLPLLA&
Bt-88 
X`X`{+
?&xqPPfnr
\PYTYL2
J3fGTO7`
gfO`:n
h<l-,,"s
X<@8447
Q+xdr,h
'+0Ra:
(-XF+4\`!
k40r,d;
"d2L&d29**D@E
MethCallEneginQ
EVENT_SINK_AddRef$
D2Function>
__vbaEx
!"ctY#D
[uWe(t d.
d'.Vxt
G`.data`1
.rsrc+
GPGWHU,
XPTPSWXaD$j
jjjjjjjjjjjjjjjjjjjjjjjjjj]
jjjjjjjjjjjjjjjjjjjjjjjjjj
dddddddddddddddddddddddddd
dddddddddddddddddddddddddd
__________________________r
stun$%12V44)
zzzzzzzzzzzzzzz{
Tikumn
/Z[qr
bcdddddddddef/YggggggggggggggYh
(YZZ[a((
(YYZZZ]
NEFGHK
deEFGHIyKL
12344*z
$P&'(Z
|bbbbbbbbbbbbbbb
UUUUUUUUUUUUUUUC
qrst!w@gylz///////
q`cDefE!gYjjiiijj2mnop
UUCCCDVWX
YZZ[\2^
CDEFvwJgL
23456789:<#$>
 "#$%&'()*+,
bcdefghi
WXYZ[\]^_`a
LMNOPQRSTUV
CDEFGGGHIJK
9:;<=>>?@AB
345678
$%&'()*+,-.
-kkeJ/
.nnnnnnnS8
/qqqqqqqqqqq\@$
tttttttttttttttfI3
wwwwwwwwwwwwwwwwwwwpS<
zzzzzzzzzzzzzzzzzzzzzzzz\E&
}}}}}}}}}}}}}}}}}}}}}}}}}}M
H((wf,
I33lfZ
}KUUmfh
}]WWnf
urpg\B(
qkruvwyq]J4
gpwvvvvw{}tkW=!
kt{{{{{{{z{|
s#Keq|
fvhQC7Q
~Yn_YNA^
u]O7 q
w~~xkZD'~
+j!{tp
YZ~jLwd
KERNEL32.DLL
MSVBVM60.DLL
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
hdH, d
l\XL@\
~xkZF+
R:u]O:&
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
CompanyName
ProductName
Microsoft Windows
FileVersion
1.00.0057
ProductVersion
1.00.0057
InternalName
musicvn
OriginalFilename
musicvn.exe
(5%&'37
34456:
&*/3333,7
$%%%%
!!!5588844445
 ###$
 !!-%&(((
 "&012

Process Tree

explorer.exe (1412) C:\Windows\Explorer.EXE
0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe (3028) "C:\Users\Administrator\AppData\Local\Temp\0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe"
- System Restore.exe (5048) "C:\Users\Administrator\AppData\Local\Temp\{D0BE5024-B2C9-4283-A654-CF5C0A8AD3AC}\System Restore.exe" C:\Users\Administrator\AppData\Local\Temp\{D0BE5024-B2C9-4283-A654-CF5C0A8AD3AC}\
- backup.exe (2644) C:\Users\Administrator\AppData\Local\Temp\{2BEFC5EC-7E68-472f-BFBA-9452629B70A7}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{2BEFC5EC-7E68-472f-BFBA-9452629B70A7}\
- backup.exe (4548) C:\Users\Administrator\AppData\Local\Temp\{E3718C7E-DD72-4ca7-BA47-4A7230AD86CC}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{E3718C7E-DD72-4ca7-BA47-4A7230AD86CC}\
- backup.exe (8344) C:\Users\Administrator\AppData\Local\Temp\lSvSbBjLdZgCvLhB\backup.exe C:\Users\Administrator\AppData\Local\Temp\lSvSbBjLdZgCvLhB\
- backup.exe (9932) C:\Users\Administrator\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Administrator\AppData\Local\Temp\WPDNSE\
- backup.exe (9808) C:\Users\Administrator\AppData\Local\Temp\qRiTlKoYcHfXkHrA\backup.exe C:\Users\Administrator\AppData\Local\Temp\qRiTlKoYcHfXkHrA\
- backup.exe (5204) C:\Users\Administrator\AppData\Local\Temp\dQeBqYwAtRxDgGmJ\backup.exe C:\Users\Administrator\AppData\Local\Temp\dQeBqYwAtRxDgGmJ\
- backup.exe (6484) C:\Users\Administrator\AppData\Local\Temp\gGyIaMtGxUsQuCeQ\backup.exe C:\Users\Administrator\AppData\Local\Temp\gGyIaMtGxUsQuCeQ\
- backup.exe (11432) C:\Users\Administrator\AppData\Local\Temp\xOqBdIxBuToKsKrC\backup.exe C:\Users\Administrator\AppData\Local\Temp\xOqBdIxBuToKsKrC\
- backup.exe (2708) C:\Users\Administrator\AppData\Local\Temp\{7723B3EA-D1C9-4dec-A024-176C96A8CD60}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{7723B3EA-D1C9-4dec-A024-176C96A8CD60}\
- backup.exe (2836) C:\Users\Administrator\AppData\Local\Temp\{1E01E5A1-6033-4922-A35E-A0F547E0C9E1}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{1E01E5A1-6033-4922-A35E-A0F547E0C9E1}\
- backup.exe (3488) C:\Users\Administrator\AppData\Local\Temp\{BC129C12-F0A6-453f-8165-3149FA0A3F22}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{BC129C12-F0A6-453f-8165-3149FA0A3F22}\
- data.exe (9964) C:\Users\Administrator\AppData\Local\Temp\pAwWdWrZtKqWbMgQ\data.exe C:\Users\Administrator\AppData\Local\Temp\pAwWdWrZtKqWbMgQ\
- backup.exe (4528) C:\Users\Administrator\AppData\Local\Temp\{CD8C5AB3-4C7C-4a20-B5C0-A95755CE9246}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{CD8C5AB3-4C7C-4a20-B5C0-A95755CE9246}\
- backup.exe (4472) C:\Users\Administrator\AppData\Local\Temp\{EAFFD803-F927-40fb-A377-A1F640453D44}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{EAFFD803-F927-40fb-A377-A1F640453D44}\
- backup.exe (8584) C:\Users\Administrator\AppData\Local\Temp\mJfCfKyMzJuCkAiC\backup.exe C:\Users\Administrator\AppData\Local\Temp\mJfCfKyMzJuCkAiC\
- backup.exe (6640) C:\Users\Administrator\AppData\Local\Temp\gUsMfHvTsUaHaYaF\backup.exe C:\Users\Administrator\AppData\Local\Temp\gUsMfHvTsUaHaYaF\
- backup.exe (1920) C:\Users\Administrator\AppData\Local\Temp\{12C374F3-DFFE-429c-B0DD-C8C980E9FB80}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{12C374F3-DFFE-429c-B0DD-C8C980E9FB80}\
- backup.exe (6888) C:\Users\Administrator\AppData\Local\Temp\hAmKyGlNbRlWzOkC\backup.exe C:\Users\Administrator\AppData\Local\Temp\hAmKyGlNbRlWzOkC\
- backup.exe (5748) C:\Users\Administrator\AppData\Local\Temp\bNuYjSqVwEbPiOtQ\backup.exe C:\Users\Administrator\AppData\Local\Temp\bNuYjSqVwEbPiOtQ\
- backup.exe (5856) C:\Users\Administrator\AppData\Local\Temp\drvmgr\backup.exe C:\Users\Administrator\AppData\Local\Temp\drvmgr\
- backup.exe (4364) C:\Users\Administrator\AppData\Local\Temp\{D5DB27FB-5D30-4db1-8051-6B7A8043A93A}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{D5DB27FB-5D30-4db1-8051-6B7A8043A93A}\
- backup.exe (3268) C:\Users\Administrator\AppData\Local\Temp\{9C7EF6A8-9E7A-4c1d-A2C9-912C5CABE90C}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{9C7EF6A8-9E7A-4c1d-A2C9-912C5CABE90C}\
- backup.exe (3212) C:\Users\Administrator\AppData\Local\Temp\{C568E16B-6E11-46db-89C2-F661E94B4294}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{C568E16B-6E11-46db-89C2-F661E94B4294}\
- backup.exe (1148) C:\Users\Administrator\AppData\Local\Temp\{19BC8D80-7DBA-4eaf-BAA4-7EFDD485A62B}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{19BC8D80-7DBA-4eaf-BAA4-7EFDD485A62B}\
- backup.exe (4016) C:\Users\Administrator\AppData\Local\Temp\{BD3020AF-FD01-489a-B18D-F810D754BCE9}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{BD3020AF-FD01-489a-B18D-F810D754BCE9}\
- data.exe (3272) C:\Users\Administrator\AppData\Local\Temp\{846CC0DF-D1C3-40c4-8D1F-994B51C6A60E}\data.exe C:\Users\Administrator\AppData\Local\Temp\{846CC0DF-D1C3-40c4-8D1F-994B51C6A60E}\
- backup.exe (11472) C:\Users\Administrator\AppData\Local\Temp\yTcYyBnJqEnDeBaG\backup.exe C:\Users\Administrator\AppData\Local\Temp\yTcYyBnJqEnDeBaG\
- backup.exe (920) C:\Users\Administrator\AppData\Local\Temp\{007749AF-B6AC-470e-B04A-917ACBD00367}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{007749AF-B6AC-470e-B04A-917ACBD00367}\
  - backup.exe (1836) \backup.exe \
    - backup.exe (952) C:\360Downloads\backup.exe C:\360Downloads\
      - backup.exe (2476) C:\360Downloads\360驱动大师目录\backup.exe C:\360Downloads\360驱动大师目录\
        
        update.exe (1960) C:\360Downloads\360驱动大师目录\下载保存目录\update.exe C:\360Downloads\360驱动大师目录\下载保存目录\
        
        backup.exe (2424) C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\backup.exe C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\
    - backup.exe (8088) C:\Users\backup.exe C:\Users\
      - backup.exe (9924) C:\Users\Public\backup.exe C:\Users\Public\
        
        backup.exe (10044) C:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\
        
        backup.exe (10660) C:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\
        
        backup.exe (11064) "C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\
        
        backup.exe (10192) C:\Users\Public\Music\backup.exe C:\Users\Public\Music\
        
        backup.exe (9308) "C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\
        
        backup.exe (10860) C:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\
        
        backup.exe (11144) "C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\
        
        backup.exe (9192) C:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\
        
        update.exe (10540) "C:\Users\Public\Recorded TV\update.exe" C:\Users\Public\Recorded TV\
        
        backup.exe (10220) "C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\
      - backup.exe (7340) C:\Users\Administrator\backup.exe C:\Users\Administrator\
        
        backup.exe (7260) C:\Users\Administrator\Downloads\backup.exe C:\Users\Administrator\Downloads\
        
        backup.exe (7700) C:\Users\Administrator\Contacts\backup.exe C:\Users\Administrator\Contacts\
        
        backup.exe (7596) C:\Users\Administrator\Documents\backup.exe C:\Users\Administrator\Documents\
        
        backup.exe (8064) C:\Users\Administrator\Desktop\backup.exe C:\Users\Administrator\Desktop\
        
        backup.exe (10408) C:\Users\Administrator\Videos\backup.exe C:\Users\Administrator\Videos\
        
        backup.exe (10808) C:\Users\Administrator\Music\backup.exe C:\Users\Administrator\Music\
        
        backup.exe (9996) C:\Users\Administrator\Searches\backup.exe C:\Users\Administrator\Searches\
        
        backup.exe (10508) C:\Users\Administrator\Links\backup.exe C:\Users\Administrator\Links\
        
        backup.exe (11164) C:\Users\Administrator\Pictures\backup.exe C:\Users\Administrator\Pictures\
        
        backup.exe (10228) "C:\Users\Administrator\Saved Games\backup.exe" C:\Users\Administrator\Saved Games\
      - data.exe (10888) C:\Users\tu\data.exe C:\Users\tu\
        
        backup.exe (11848) C:\Users\tu\Documents\backup.exe C:\Users\tu\Documents\
        
        backup.exe (11608) C:\Users\tu\Desktop\backup.exe C:\Users\tu\Desktop\
        
        backup.exe (11364) C:\Users\tu\Contacts\backup.exe C:\Users\tu\Contacts\
        
        backup.exe (12156) C:\Users\tu\Downloads\backup.exe C:\Users\tu\Downloads\
    - System Restore.exe (2080) "C:\exsrjwtsit\System Restore.exe" C:\exsrjwtsit\
      - backup.exe (1448) C:\exsrjwtsit\modules\backup.exe C:\exsrjwtsit\modules\
        
        backup.exe (2448) C:\exsrjwtsit\modules\auxiliary\backup.exe C:\exsrjwtsit\modules\auxiliary\
        
        backup.exe (368) C:\exsrjwtsit\modules\packages\backup.exe C:\exsrjwtsit\modules\packages\
      - backup.exe (2084) C:\exsrjwtsit\lib\backup.exe C:\exsrjwtsit\lib\
        
        backup.exe (2352) C:\exsrjwtsit\lib\api\backup.exe C:\exsrjwtsit\lib\api\
        
        update.exe (1848) C:\exsrjwtsit\lib\core\update.exe C:\exsrjwtsit\lib\core\
        
        backup.exe (2472) C:\exsrjwtsit\lib\common\backup.exe C:\exsrjwtsit\lib\common\
      - backup.exe (2844) C:\exsrjwtsit\bin\backup.exe C:\exsrjwtsit\bin\
    - backup.exe (3820) "C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
      - backup.exe (8136) "C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\
        
        backup.exe (9136) "C:\Program Files (x86)\MSBuild\Microsoft\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\
        
        backup.exe (8552) "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\
        
        backup.exe (9080) "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\
        
        backup.exe (8276) "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\
      - backup.exe (12656) "C:\Program Files (x86)\Windows Sidebar\backup.exe" C:\Program Files (x86)\Windows Sidebar\
        
        System Restore.exe (13120) "C:\Program Files (x86)\Windows Sidebar\Gadgets\System Restore.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\
        
        backup.exe (12620) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\
        
        System Restore.exe (12856) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\System Restore.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\
        
        update.exe (2932) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\update.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\
        
        backup.exe (13364) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\css\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\css\
        
        backup.exe (12684) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\
        
        update.exe (12740) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\update.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\
        
        backup.exe (12436) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\css\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\css\
        
        backup.exe (12240) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\js\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\js\
        
        backup.exe (13144) "C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\backup.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\
      - backup.exe (10248) "C:\Program Files (x86)\Windows Media Player\backup.exe" C:\Program Files (x86)\Windows Media Player\
        
        backup.exe (11516) "C:\Program Files (x86)\Windows Media Player\Skins\backup.exe" C:\Program Files (x86)\Windows Media Player\Skins\
        
        backup.exe (12188) "C:\Program Files (x86)\Windows Media Player\zh-CN\backup.exe" C:\Program Files (x86)\Windows Media Player\zh-CN\
        
        backup.exe (11840) "C:\Program Files (x86)\Windows Media Player\Visualizations\backup.exe" C:\Program Files (x86)\Windows Media Player\Visualizations\
        
        backup.exe (11300) "C:\Program Files (x86)\Windows Media Player\Network Sharing\backup.exe" C:\Program Files (x86)\Windows Media Player\Network Sharing\
        
        backup.exe (10744) "C:\Program Files (x86)\Windows Media Player\Media Renderer\backup.exe" C:\Program Files (x86)\Windows Media Player\Media Renderer\
      - backup.exe (10748) "C:\Program Files (x86)\Windows Defender\backup.exe" C:\Program Files (x86)\Windows Defender\
        
        backup.exe (11140) "C:\Program Files (x86)\Windows Defender\zh-CN\backup.exe" C:\Program Files (x86)\Windows Defender\zh-CN\
      - backup.exe (5700) "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
        
        backup.exe (6708) "C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\
        
        backup.exe (7152) "C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\
        
        backup.exe (6168) "C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\
        
        backup.exe (6768) "C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\
        
        backup.exe (7064) "C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\
        
        backup.exe (7256) "C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\
        
        backup.exe (7388) "C:\Program Files (x86)\Common Files\System\ado\zh-CN\backup.exe" C:\Program Files (x86)\Common Files\System\ado\zh-CN\
        
        update.exe (7656) "C:\Program Files (x86)\Common Files\System\zh-CN\update.exe" C:\Program Files (x86)\Common Files\System\zh-CN\
        
        backup.exe (7520) "C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\
        
        backup.exe (7652) "C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\
        
        backup.exe (7784) "C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\
        
        backup.exe (7916) "C:\Program Files (x86)\Common Files\System\msadc\zh-CN\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\zh-CN\
        
        backup.exe (8148) "C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\
        
        backup.exe (7720) "C:\Program Files (x86)\Common Files\System\Ole DB\zh-CN\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\zh-CN\
        
        backup.exe (7292) "C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\
        
        backup.exe (6016) "C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\
        
        backup.exe (5452) "C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\
        
        backup.exe (6716) "C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\
        
        backup.exe (6844) "C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\
        
        backup.exe (7004) "C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\zh-CN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\zh-CN\
        
        backup.exe (6756) "C:\Program Files (x86)\Common Files\microsoft shared\VC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VC\
        
        update.exe (7032) "C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\
        
        backup.exe (6408) "C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\
        
        backup.exe (6704) "C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\
        
        backup.exe (7156) "C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\
        
        data.exe (900) "C:\Program Files (x86)\Common Files\microsoft shared\ink\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\
        
        backup.exe (6208) "C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\
        
        backup.exe (6384) "C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\
        
        backup.exe (5228) "C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\
        
        backup.exe (6476) "C:\Program Files (x86)\Common Files\microsoft shared\ink\zh-CN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\zh-CN\
        
        data.exe (5760) "C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\
        
        backup.exe (6924) "C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\
        
        backup.exe (6232) "C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\
        
        backup.exe (6456) "C:\Program Files (x86)\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VGX\
      - backup.exe (12876) "C:\Program Files (x86)\Windows Photo Viewer\backup.exe" C:\Program Files (x86)\Windows Photo Viewer\
        
        backup.exe (13136) "C:\Program Files (x86)\Windows Photo Viewer\zh-CN\backup.exe" C:\Program Files (x86)\Windows Photo Viewer\zh-CN\
      - backup.exe (8040) "C:\Program Files (x86)\Mozilla Firefox\backup.exe" C:\Program Files (x86)\Mozilla Firefox\
        
        backup.exe (8164) "C:\Program Files (x86)\Mozilla Firefox\browser\backup.exe" C:\Program Files (x86)\Mozilla Firefox\browser\
        
        backup.exe (7908) "C:\Program Files (x86)\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files (x86)\Mozilla Firefox\browser\VisualElements\
        
        backup.exe (7736) "C:\Program Files (x86)\Mozilla Firefox\browser\features\backup.exe" C:\Program Files (x86)\Mozilla Firefox\browser\features\
        
        backup.exe (8500) "C:\Program Files (x86)\Mozilla Firefox\fonts\backup.exe" C:\Program Files (x86)\Mozilla Firefox\fonts\
        
        backup.exe (8960) "C:\Program Files (x86)\Mozilla Firefox\uninstall\backup.exe" C:\Program Files (x86)\Mozilla Firefox\uninstall\
        
        backup.exe (7424) "C:\Program Files (x86)\Mozilla Firefox\defaults\backup.exe" C:\Program Files (x86)\Mozilla Firefox\defaults\
        
        backup.exe (8320) "C:\Program Files (x86)\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files (x86)\Mozilla Firefox\defaults\pref\
        
        backup.exe (8668) "C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\
        
        backup.exe (8796) "C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\
      - backup.exe (3300) "C:\Program Files (x86)\360\backup.exe" C:\Program Files (x86)\360\
        
        backup.exe (3772) "C:\Program Files (x86)\360\360DrvMgr\backup.exe" C:\Program Files (x86)\360\360DrvMgr\
        
        backup.exe (3128) "C:\Program Files (x86)\360\360DrvMgr\feedback\backup.exe" C:\Program Files (x86)\360\360DrvMgr\feedback\
        
        backup.exe (3524) "C:\Program Files (x86)\360\360DrvMgr\Utils\backup.exe" C:\Program Files (x86)\360\360DrvMgr\Utils\
        
        backup.exe (4424) "C:\Program Files (x86)\360\360DrvMgr\Log\backup.exe" C:\Program Files (x86)\360\360DrvMgr\Log\
        
        backup.exe (3840) "C:\Program Files (x86)\360\360DrvMgr\config\backup.exe" C:\Program Files (x86)\360\360DrvMgr\config\
        
        backup.exe (4180) "C:\Program Files (x86)\360\360DrvMgr\config\defaultskin\backup.exe" C:\Program Files (x86)\360\360DrvMgr\config\defaultskin\
        
        backup.exe (4444) "C:\Program Files (x86)\360\360DrvMgr\config\skin\backup.exe" C:\Program Files (x86)\360\360DrvMgr\config\skin\
        
        backup.exe (4676) "C:\Program Files (x86)\360\360DrvMgr\config\skin\tools\backup.exe" C:\Program Files (x86)\360\360DrvMgr\config\skin\tools\
        
        backup.exe (4856) "C:\Program Files (x86)\360\360DrvMgr\endata\backup.exe" C:\Program Files (x86)\360\360DrvMgr\endata\
        
        backup.exe (4948) "C:\Program Files (x86)\360\360DrvMgr\netmon\backup.exe" C:\Program Files (x86)\360\360DrvMgr\netmon\
        
        backup.exe (4456) "C:\Program Files (x86)\360\360DrvMgr\netmon\360sensordrv\backup.exe" C:\Program Files (x86)\360\360DrvMgr\netmon\360sensordrv\
        
        backup.exe (4972) "C:\Program Files (x86)\360\360TptMon\backup.exe" C:\Program Files (x86)\360\360TptMon\
        
        backup.exe (5736) "C:\Program Files (x86)\360\360TptMon\feedback\backup.exe" C:\Program Files (x86)\360\360TptMon\feedback\
        
        System Restore.exe (5296) "C:\Program Files (x86)\360\360TptMon\deepscan\System Restore.exe" C:\Program Files (x86)\360\360TptMon\deepscan\
        
        backup.exe (5796) "C:\Program Files (x86)\360\360TptMon\netmon\backup.exe" C:\Program Files (x86)\360\360TptMon\netmon\
        
        backup.exe (6096) "C:\Program Files (x86)\360\360TptMon\netmon\360sensordrv\backup.exe" C:\Program Files (x86)\360\360TptMon\netmon\360sensordrv\
        
        backup.exe (4608) "C:\Program Files (x86)\360\360TptMon\config\backup.exe" C:\Program Files (x86)\360\360TptMon\config\
        
        backup.exe (5152) "C:\Program Files (x86)\360\360TptMon\config\defaultskin\backup.exe" C:\Program Files (x86)\360\360TptMon\config\defaultskin\
        
        backup.exe (5360) "C:\Program Files (x86)\360\360TptMon\config\newui\backup.exe" C:\Program Files (x86)\360\360TptMon\config\newui\
        
        backup.exe (5584) "C:\Program Files (x86)\360\360TptMon\config\newui\themes\backup.exe" C:\Program Files (x86)\360\360TptMon\config\newui\themes\
        
        backup.exe (5800) "C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\backup.exe" C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\
        
        backup.exe (6020) "C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\tptmon\backup.exe" C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\tptmon\
        
        backup.exe (3800) "C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\Uninstall\backup.exe" C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\Uninstall\
      - backup.exe (9276) "C:\Program Files (x86)\Reference Assemblies\backup.exe" C:\Program Files (x86)\Reference Assemblies\
        
        backup.exe (9580) "C:\Program Files (x86)\Reference Assemblies\Microsoft\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\
        
        backup.exe (9768) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\
        
        backup.exe (9512) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\
        
        backup.exe (10280) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\
        
        backup.exe (8060) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\
        
        backup.exe (8800) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\
        
        backup.exe (9948) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\
        
        backup.exe (9500) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\
        
        backup.exe (10176) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\
        
        backup.exe (9896) "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\backup.exe" C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\
      - backup.exe (12364) "C:\Program Files (x86)\Windows Portable Devices\backup.exe" C:\Program Files (x86)\Windows Portable Devices\
      - backup.exe (9188) "C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\
        
        backup.exe (8464) "C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\logs\
      - backup.exe (11596) "C:\Program Files (x86)\Windows NT\backup.exe" C:\Program Files (x86)\Windows NT\
        
        backup.exe (11420) "C:\Program Files (x86)\Windows NT\TableTextService\backup.exe" C:\Program Files (x86)\Windows NT\TableTextService\
        
        backup.exe (12588) "C:\Program Files (x86)\Windows NT\TableTextService\zh-CN\backup.exe" C:\Program Files (x86)\Windows NT\TableTextService\zh-CN\
        
        backup.exe (12416) "C:\Program Files (x86)\Windows NT\TableTextService\en-US\backup.exe" C:\Program Files (x86)\Windows NT\TableTextService\en-US\
        
        backup.exe (11488) "C:\Program Files (x86)\Windows NT\Accessories\backup.exe" C:\Program Files (x86)\Windows NT\Accessories\
        
        backup.exe (11268) "C:\Program Files (x86)\Windows NT\Accessories\zh-CN\backup.exe" C:\Program Files (x86)\Windows NT\Accessories\zh-CN\
        
        backup.exe (11764) "C:\Program Files (x86)\Windows NT\Accessories\en-US\backup.exe" C:\Program Files (x86)\Windows NT\Accessories\en-US\
      - backup.exe (8044) "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
        
        backup.exe (7780) "C:\Program Files (x86)\Internet Explorer\zh-CN\backup.exe" C:\Program Files (x86)\Internet Explorer\zh-CN\
        
        backup.exe (7196) "C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\
        
        backup.exe (7248) "C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\
      - backup.exe (10680) "C:\Program Files (x86)\Windows Mail\backup.exe" C:\Program Files (x86)\Windows Mail\
        
        backup.exe (11216) "C:\Program Files (x86)\Windows Mail\zh-CN\backup.exe" C:\Program Files (x86)\Windows Mail\zh-CN\
    - backup.exe (2116) C:\PerfLogs\backup.exe C:\PerfLogs\
      - backup.exe (2304) C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
    - backup.exe (1404) "C:\Program Files\backup.exe" C:\Program Files\
      - update.exe (816) "C:\Program Files\Common Files\update.exe" C:\Program Files\Common Files\
        
        backup.exe (4536) "C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
        
        backup.exe (4908) "C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\
        
        System Restore.exe (4940) "C:\Program Files\Common Files\System\ado\System Restore.exe" C:\Program Files\Common Files\System\ado\
        
        backup.exe (4192) "C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\
        
        backup.exe (4476) "C:\Program Files\Common Files\System\ado\zh-CN\backup.exe" C:\Program Files\Common Files\System\ado\zh-CN\
        
        backup.exe (4508) "C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\
        
        backup.exe (5304) "C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\
        
        backup.exe (5536) "C:\Program Files\Common Files\System\Ole DB\zh-CN\backup.exe" C:\Program Files\Common Files\System\Ole DB\zh-CN\
        
        backup.exe (4636) "C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\
        
        backup.exe (4664) "C:\Program Files\Common Files\System\msadc\zh-CN\backup.exe" C:\Program Files\Common Files\System\msadc\zh-CN\
        
        backup.exe (4680) "C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\
        
        backup.exe (5792) "C:\Program Files\Common Files\System\zh-CN\backup.exe" C:\Program Files\Common Files\System\zh-CN\
        
        backup.exe (2980) "C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\
        
        System Restore.exe (4272) "C:\Program Files\Common Files\Microsoft Shared\Triedit\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\
        
        data.exe (4688) "C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\
        
        backup.exe (4500) "C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\
        
        backup.exe (4868) "C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\
        
        System Restore.exe (4144) "C:\Program Files\Common Files\Microsoft Shared\TextConv\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\
        
        backup.exe (4176) "C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\
        
        backup.exe (1592) "C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
        
        backup.exe (4092) "C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\
        
        backup.exe (3336) "C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
        
        update.exe (3400) "C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\
        
        backup.exe (2788) "C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
        
        backup.exe (6092) "C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\
        
        backup.exe (4932) "C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\
        
        backup.exe (5428) "C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\
        
        backup.exe (3248) "C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
        
        backup.exe (3352) "C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
        
        backup.exe (4820) "C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\
        
        System Restore.exe (5160) "C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\
        
        backup.exe (4544) "C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\
        
        backup.exe (4068) "C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\
        
        backup.exe (3424) "C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
        
        backup.exe (3796) "C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
        
        backup.exe (5236) "C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\
        
        backup.exe (3544) "C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
        
        backup.exe (3872) "C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
        
        backup.exe (3160) "C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
        
        backup.exe (3548) "C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\
        
        backup.exe (6132) "C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\
        
        backup.exe (5504) "C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\
        
        backup.exe (3712) "C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
        
        backup.exe (3976) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
        
        backup.exe (3668) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\
        
        backup.exe (3284) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\
        
        backup.exe (3392) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\
        
        backup.exe (3868) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\
        
        backup.exe (3716) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\
        
        backup.exe (3532) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\
        
        backup.exe (4048) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\
        
        backup.exe (3124) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\
        
        backup.exe (3092) "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\
        
        backup.exe (4216) "C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\
        
        System Restore.exe (5836) "C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\
        
        backup.exe (4252) "C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\
        
        backup.exe (4264) "C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\
        
        backup.exe (5824) "C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\
        
        backup.exe (4388) "C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\
        
        backup.exe (5604) "C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\
        
        backup.exe (5964) "C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\
        
        backup.exe (3096) "C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
        
        backup.exe (4580) "C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\
        
        backup.exe (5104) "C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\
        
        update.exe (3560) "C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\
        
        backup.exe (3624) "C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
        
        data.exe (4132) "C:\Program Files\Common Files\Microsoft Shared\MSInfo\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
        
        backup.exe (4384) "C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\
        
        backup.exe (4592) "C:\Program Files\Common Files\Microsoft Shared\MSInfo\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\zh-CN\
        
        backup.exe (4900) "C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\
        
        backup.exe (3428) "C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
        
        backup.exe (3604) "C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
        
        backup.exe (4288) "C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\
      - backup.exe (5492) "C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
        
        backup.exe (5192) "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
        
        backup.exe (3620) "C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
        
        backup.exe (4036) "C:\Program Files\Internet Explorer\zh-CN\backup.exe" C:\Program Files\Internet Explorer\zh-CN\
      - backup.exe (6796) "C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\
        
        backup.exe (6972) "C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\
        
        backup.exe (7148) "C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\
        
        backup.exe (6244) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\
        
        data.exe (6892) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\data.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\
        
        backup.exe (6580) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\
        
        backup.exe (6420) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
        
        update.exe (6688) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\update.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\
        
        backup.exe (6816) "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\
      - backup.exe (5840) "C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\
        
        backup.exe (6832) "C:\Program Files\Windows Defender\zh-CN\backup.exe" C:\Program Files\Windows Defender\zh-CN\
      - backup.exe (8760) "C:\Program Files\Windows Sidebar\backup.exe" C:\Program Files\Windows Sidebar\
        
        backup.exe (10928) "C:\Program Files\Windows Sidebar\Shared Gadgets\backup.exe" C:\Program Files\Windows Sidebar\Shared Gadgets\
        
        backup.exe (8936) "C:\Program Files\Windows Sidebar\Gadgets\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\
        
        backup.exe (10836) "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\
        
        backup.exe (12024) "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\
        
        backup.exe (11876) "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\js\
        
        backup.exe (11404) "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\css\
        
        backup.exe (11528) "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\
        
        backup.exe (9112) "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\
        
        backup.exe (9284) "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\
        
        backup.exe (9508) "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\css\
        
        System Restore.exe (9692) "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\js\System Restore.exe" C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\js\
        
        backup.exe (7888) "C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\
        
        backup.exe (11872) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\
        
        data.exe (13032) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\data.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\
        
        backup.exe (2572) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\
        
        backup.exe (12880) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\
        
        backup.exe (12984) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\
        
        backup.exe (12372) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\css\
        
        backup.exe (12020) "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\js\
        
        backup.exe (9912) "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\
        
        backup.exe (8308) "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\
        
        backup.exe (9524) "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\css\
        
        System Restore.exe (10100) "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\js\System Restore.exe" C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\js\
        
        backup.exe (10124) "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\
        
        backup.exe (12560) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\
        
        System Restore.exe (12824) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\System Restore.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\
        
        backup.exe (13260) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\
        
        data.exe (13084) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\data.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\
        
        backup.exe (12700) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\
        
        backup.exe (13304) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\js\
        
        backup.exe (13064) "C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\css\
        
        backup.exe (10256) "C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\
        
        backup.exe (10624) "C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\zh-CN\
        
        data.exe (10712) "C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\data.exe" C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\
        
        backup.exe (10580) "C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\
        
        backup.exe (10368) "C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\
        
        backup.exe (9148) "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\
        
        backup.exe (8736) "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\
        
        backup.exe (8204) "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\css\
        
        backup.exe (8700) "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\js\
        
        backup.exe (8404) "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\
        
        backup.exe (9184) "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\
        
        backup.exe (9364) "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\
        
        backup.exe (10912) "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\js\
        
        backup.exe (10548) "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\css\
        
        backup.exe (9504) "C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\
        
        backup.exe (8884) "C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\
        
        backup.exe (11324) "C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\
        
        backup.exe (11388) "C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\
        
        backup.exe (11896) "C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\css\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\css\
        
        backup.exe (11888) "C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\js\backup.exe" C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\js\
        
        backup.exe (10480) "C:\Program Files\Windows Sidebar\zh-CN\backup.exe" C:\Program Files\Windows Sidebar\zh-CN\
      - backup.exe (7420) "C:\Program Files\Windows Media Player\backup.exe" C:\Program Files\Windows Media Player\
        
        backup.exe (7544) "C:\Program Files\Windows Media Player\Media Renderer\backup.exe" C:\Program Files\Windows Media Player\Media Renderer\
        
        backup.exe (7684) "C:\Program Files\Windows Media Player\Network Sharing\backup.exe" C:\Program Files\Windows Media Player\Network Sharing\
        
        backup.exe (7840) "C:\Program Files\Windows Media Player\Skins\backup.exe" C:\Program Files\Windows Media Player\Skins\
        
        backup.exe (7948) "C:\Program Files\Windows Media Player\Visualizations\backup.exe" C:\Program Files\Windows Media Player\Visualizations\
        
        backup.exe (8140) "C:\Program Files\Windows Media Player\zh-CN\backup.exe" C:\Program Files\Windows Media Player\zh-CN\
      - backup.exe (6992) "C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\
        
        backup.exe (7016) "C:\Program Files\Windows Journal\zh-CN\backup.exe" C:\Program Files\Windows Journal\zh-CN\
        
        backup.exe (4644) "C:\Program Files\Windows Journal\Templates\backup.exe" C:\Program Files\Windows Journal\Templates\
      - backup.exe (7456) "C:\Program Files\Windows NT\backup.exe" C:\Program Files\Windows NT\
        
        backup.exe (8144) "C:\Program Files\Windows NT\TableTextService\backup.exe" C:\Program Files\Windows NT\TableTextService\
        
        backup.exe (7536) "C:\Program Files\Windows NT\TableTextService\en-US\backup.exe" C:\Program Files\Windows NT\TableTextService\en-US\
        
        backup.exe (7540) "C:\Program Files\Windows NT\TableTextService\zh-CN\backup.exe" C:\Program Files\Windows NT\TableTextService\zh-CN\
        
        data.exe (7836) "C:\Program Files\Windows NT\Accessories\data.exe" C:\Program Files\Windows NT\Accessories\
        
        backup.exe (7176) "C:\Program Files\Windows NT\Accessories\en-US\backup.exe" C:\Program Files\Windows NT\Accessories\en-US\
        
        backup.exe (7668) "C:\Program Files\Windows NT\Accessories\zh-CN\backup.exe" C:\Program Files\Windows NT\Accessories\zh-CN\
      - backup.exe (3120) "C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
        
        backup.exe (3788) "C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\
        
        backup.exe (3812) "C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\
        
        backup.exe (5384) "C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\
        
        backup.exe (4488) "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\
        
        backup.exe (5016) "C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\
        
        backup.exe (5560) "C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\
        
        backup.exe (4812) "C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\
        
        data.exe (5500) "C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\
        
        backup.exe (5812) "C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\
        
        update.exe (4100) "C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\
        
        backup.exe (4448) "C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\
        
        backup.exe (4416) "C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\
        
        backup.exe (5972) "C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\
        
        backup.exe (6140) "C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\
        
        backup.exe (4756) "C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\
        
        backup.exe (4196) "C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\
        
        backup.exe (5756) "C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\
        
        backup.exe (4220) "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\
        
        backup.exe (6056) "C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\
        
        System Restore.exe (5320) "C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\
        
        backup.exe (5144) "C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\
        
        backup.exe (4600) "C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\
        
        update.exe (5588) "C:\Program Files\DVD Maker\zh-CN\update.exe" C:\Program Files\DVD Maker\zh-CN\
      - update.exe (8264) "C:\Program Files\Windows Photo Viewer\update.exe" C:\Program Files\Windows Photo Viewer\
        
        backup.exe (8388) "C:\Program Files\Windows Photo Viewer\zh-CN\backup.exe" C:\Program Files\Windows Photo Viewer\zh-CN\
      - backup.exe (8564) "C:\Program Files\Windows Portable Devices\backup.exe" C:\Program Files\Windows Portable Devices\
      - backup.exe (6512) "C:\Program Files\Windows Mail\backup.exe" C:\Program Files\Windows Mail\
        
        backup.exe (7264) "C:\Program Files\Windows Mail\zh-CN\backup.exe" C:\Program Files\Windows Mail\zh-CN\
      - backup.exe (3116) "C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\
        
        backup.exe (4752) "C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\
        
        backup.exe (6268) "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\
        
        backup.exe (6444) "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\
        
        backup.exe (6620) "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\
    - backup.exe (6004) C:\Python27\backup.exe C:\Python27\
      - backup.exe (5340) C:\Python27\include\backup.exe C:\Python27\include\
      - backup.exe (3888) C:\Python27\DLLs\backup.exe C:\Python27\DLLs\
      - backup.exe (7512) C:\Python27\Scripts\backup.exe C:\Python27\Scripts\
      - backup.exe (9456) C:\Python27\Tools\backup.exe C:\Python27\Tools\
        
        backup.exe (11168) C:\Python27\Tools\versioncheck\backup.exe C:\Python27\Tools\versioncheck\
        
        backup.exe (10584) C:\Python27\Tools\i18n\backup.exe C:\Python27\Tools\i18n\
        
        backup.exe (11020) C:\Python27\Tools\pynche\backup.exe C:\Python27\Tools\pynche\
        
        backup.exe (10232) C:\Python27\Tools\pynche\X\backup.exe C:\Python27\Tools\pynche\X\
        
        backup.exe (11104) C:\Python27\Tools\Scripts\backup.exe C:\Python27\Tools\Scripts\
        
        backup.exe (9640) C:\Python27\Tools\webchecker\backup.exe C:\Python27\Tools\webchecker\
      - backup.exe (8068) C:\Python27\libs\backup.exe C:\Python27\libs\
      - backup.exe (7400) C:\Python27\tcl\backup.exe C:\Python27\tcl\
        
        backup.exe (11776) C:\Python27\tcl\tk8.5\backup.exe C:\Python27\tcl\tk8.5\
        
        backup.exe (11584) C:\Python27\tcl\tk8.5\msgs\backup.exe C:\Python27\tcl\tk8.5\msgs\
        
        backup.exe (12112) C:\Python27\tcl\tk8.5\demos\backup.exe C:\Python27\tcl\tk8.5\demos\
        
        backup.exe (10684) C:\Python27\tcl\tk8.5\demos\images\backup.exe C:\Python27\tcl\tk8.5\demos\images\
        
        backup.exe (12060) C:\Python27\tcl\tk8.5\images\backup.exe C:\Python27\tcl\tk8.5\images\
        
        backup.exe (12272) C:\Python27\tcl\tk8.5\ttk\backup.exe C:\Python27\tcl\tk8.5\ttk\
        
        backup.exe (8052) C:\Python27\tcl\reg1.2\backup.exe C:\Python27\tcl\reg1.2\
        
        backup.exe (8436) C:\Python27\tcl\tcl8\backup.exe C:\Python27\tcl\tcl8\
        
        backup.exe (8992) C:\Python27\tcl\tcl8\8.5\backup.exe C:\Python27\tcl\tcl8\8.5\
        
        backup.exe (8580) C:\Python27\tcl\tcl8\8.4\backup.exe C:\Python27\tcl\tcl8\8.4\
        
        backup.exe (8832) C:\Python27\tcl\tcl8\8.4\platform\backup.exe C:\Python27\tcl\tcl8\8.4\platform\
        
        backup.exe (8096) C:\Python27\tcl\dde1.3\backup.exe C:\Python27\tcl\dde1.3\
        
        backup.exe (10828) C:\Python27\tcl\tix8.4.3\backup.exe C:\Python27\tcl\tix8.4.3\
        
        backup.exe (11456) C:\Python27\tcl\tix8.4.3\pref\backup.exe C:\Python27\tcl\tix8.4.3\pref\
        
        backup.exe (11192) C:\Python27\tcl\tix8.4.3\demos\backup.exe C:\Python27\tcl\tix8.4.3\demos\
        
        backup.exe (10052) C:\Python27\tcl\tix8.4.3\demos\samples\backup.exe C:\Python27\tcl\tix8.4.3\demos\samples\
        
        backup.exe (10716) C:\Python27\tcl\tix8.4.3\demos\bitmaps\backup.exe C:\Python27\tcl\tix8.4.3\demos\bitmaps\
        
        backup.exe (10332) C:\Python27\tcl\tix8.4.3\bitmaps\backup.exe C:\Python27\tcl\tix8.4.3\bitmaps\
        
        update.exe (9116) C:\Python27\tcl\tcl8.5\update.exe C:\Python27\tcl\tcl8.5\
        
        backup.exe (8632) C:\Python27\tcl\tcl8.5\http1.0\backup.exe C:\Python27\tcl\tcl8.5\http1.0\
        
        backup.exe (8836) C:\Python27\tcl\tcl8.5\msgs\backup.exe C:\Python27\tcl\tcl8.5\msgs\
        
        backup.exe (7344) C:\Python27\tcl\tcl8.5\encoding\backup.exe C:\Python27\tcl\tcl8.5\encoding\
        
        backup.exe (8916) C:\Python27\tcl\tcl8.5\tzdata\backup.exe C:\Python27\tcl\tcl8.5\tzdata\
        
        backup.exe (8868) C:\Python27\tcl\tcl8.5\tzdata\America\backup.exe C:\Python27\tcl\tcl8.5\tzdata\America\
        
        backup.exe (9004) C:\Python27\tcl\tcl8.5\tzdata\America\Argentina\backup.exe C:\Python27\tcl\tcl8.5\tzdata\America\Argentina\
        
        backup.exe (8672) C:\Python27\tcl\tcl8.5\tzdata\America\Indiana\backup.exe C:\Python27\tcl\tcl8.5\tzdata\America\Indiana\
        
        backup.exe (9012) C:\Python27\tcl\tcl8.5\tzdata\America\North_Dakota\backup.exe C:\Python27\tcl\tcl8.5\tzdata\America\North_Dakota\
        
        backup.exe (8620) C:\Python27\tcl\tcl8.5\tzdata\America\Kentucky\backup.exe C:\Python27\tcl\tcl8.5\tzdata\America\Kentucky\
        
        backup.exe (10060) C:\Python27\tcl\tcl8.5\tzdata\Europe\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Europe\
        
        backup.exe (8924) C:\Python27\tcl\tcl8.5\tzdata\Asia\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Asia\
        
        backup.exe (11240) C:\Python27\tcl\tcl8.5\tzdata\US\backup.exe C:\Python27\tcl\tcl8.5\tzdata\US\
        
        backup.exe (10224) C:\Python27\tcl\tcl8.5\tzdata\Chile\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Chile\
        
        backup.exe (9388) C:\Python27\tcl\tcl8.5\tzdata\Atlantic\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Atlantic\
        
        backup.exe (9804) C:\Python27\tcl\tcl8.5\tzdata\Brazil\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Brazil\
        
        System Restore.exe (9592) "C:\Python27\tcl\tcl8.5\tzdata\Etc\System Restore.exe" C:\Python27\tcl\tcl8.5\tzdata\Etc\
        
        backup.exe (10732) C:\Python27\tcl\tcl8.5\tzdata\SystemV\backup.exe C:\Python27\tcl\tcl8.5\tzdata\SystemV\
        
        backup.exe (8608) C:\Python27\tcl\tcl8.5\tzdata\Antarctica\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Antarctica\
        
        backup.exe (10144) C:\Python27\tcl\tcl8.5\tzdata\Mexico\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Mexico\
        
        backup.exe (9680) C:\Python27\tcl\tcl8.5\tzdata\Indian\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Indian\
        
        backup.exe (9992) C:\Python27\tcl\tcl8.5\tzdata\Canada\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Canada\
        
        backup.exe (9704) C:\Python27\tcl\tcl8.5\tzdata\Pacific\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Pacific\
        
        backup.exe (7824) C:\Python27\tcl\tcl8.5\tzdata\Arctic\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Arctic\
        
        backup.exe (9572) C:\Python27\tcl\tcl8.5\tzdata\Australia\backup.exe C:\Python27\tcl\tcl8.5\tzdata\Australia\
        
        data.exe (8568) C:\Python27\tcl\tcl8.5\tzdata\Africa\data.exe C:\Python27\tcl\tcl8.5\tzdata\Africa\
        
        backup.exe (8448) C:\Python27\tcl\tcl8.5\opt0.4\backup.exe C:\Python27\tcl\tcl8.5\opt0.4\
      - backup.exe (5212) C:\Python27\Lib\backup.exe C:\Python27\Lib\
        
        backup.exe (9060) C:\Python27\Lib\multiprocessing\backup.exe C:\Python27\Lib\multiprocessing\
        
        backup.exe (9180) C:\Python27\Lib\multiprocessing\dummy\backup.exe C:\Python27\Lib\multiprocessing\dummy\
        
        backup.exe (7936) C:\Python27\Lib\lib2to3\backup.exe C:\Python27\Lib\lib2to3\
        
        backup.exe (7740) C:\Python27\Lib\lib2to3\tests\backup.exe C:\Python27\Lib\lib2to3\tests\
        
        backup.exe (7180) C:\Python27\Lib\lib2to3\tests\data\backup.exe C:\Python27\Lib\lib2to3\tests\data\
        
        backup.exe (7876) C:\Python27\Lib\lib2to3\tests\data\fixers\backup.exe C:\Python27\Lib\lib2to3\tests\data\fixers\
        
        backup.exe (8004) C:\Python27\Lib\lib2to3\tests\data\fixers\myfixes\backup.exe C:\Python27\Lib\lib2to3\tests\data\fixers\myfixes\
        
        backup.exe (8112) C:\Python27\Lib\lib2to3\fixes\backup.exe C:\Python27\Lib\lib2to3\fixes\
        
        backup.exe (7380) C:\Python27\Lib\lib2to3\pgen2\backup.exe C:\Python27\Lib\lib2to3\pgen2\
        
        backup.exe (8716) C:\Python27\Lib\logging\backup.exe C:\Python27\Lib\logging\
        
        System Restore.exe (8364) "C:\Python27\Lib\pydoc_data\System Restore.exe" C:\Python27\Lib\pydoc_data\
        
        data.exe (8896) C:\Python27\Lib\msilib\data.exe C:\Python27\Lib\msilib\
        
        backup.exe (8828) C:\Python27\Lib\site-packages\backup.exe C:\Python27\Lib\site-packages\
        
        backup.exe (12976) C:\Python27\Lib\site-packages\setuptools\backup.exe C:\Python27\Lib\site-packages\setuptools\
        
        backup.exe (13232) C:\Python27\Lib\site-packages\setuptools\_vendor\backup.exe C:\Python27\Lib\site-packages\setuptools\_vendor\
        
        backup.exe (12468) C:\Python27\Lib\site-packages\setuptools\_vendor\packaging\backup.exe C:\Python27\Lib\site-packages\setuptools\_vendor\packaging\
        
        backup.exe (12920) C:\Python27\Lib\site-packages\setuptools\command\backup.exe C:\Python27\Lib\site-packages\setuptools\command\
        
        backup.exe (13240) C:\Python27\Lib\site-packages\setuptools\extern\backup.exe C:\Python27\Lib\site-packages\setuptools\extern\
        
        backup.exe (12752) C:\Python27\Lib\site-packages\setuptools-41.2.0.dist-info\backup.exe C:\Python27\Lib\site-packages\setuptools-41.2.0.dist-info\
        
        backup.exe (9168) C:\Python27\Lib\site-packages\pip\backup.exe C:\Python27\Lib\site-packages\pip\
        
        backup.exe (9600) C:\Python27\Lib\site-packages\pip\_vendor\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\
        
        backup.exe (12944) C:\Python27\Lib\site-packages\pip\_vendor\webencodings\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\webencodings\
        
        backup.exe (10960) C:\Python27\Lib\site-packages\pip\_vendor\certifi\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\certifi\
        
        backup.exe (12216) C:\Python27\Lib\site-packages\pip\_vendor\lockfile\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\lockfile\
        
        backup.exe (12768) C:\Python27\Lib\site-packages\pip\_vendor\requests\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\requests\
        
        data.exe (12496) C:\Python27\Lib\site-packages\pip\_vendor\pytoml\data.exe C:\Python27\Lib\site-packages\pip\_vendor\pytoml\
        
        backup.exe (11024) C:\Python27\Lib\site-packages\pip\_vendor\distlib\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\distlib\
        
        System Restore.exe (10844) "C:\Python27\Lib\site-packages\pip\_vendor\distlib\_backport\System Restore.exe" C:\Python27\Lib\site-packages\pip\_vendor\distlib\_backport\
        
        backup.exe (11012) C:\Python27\Lib\site-packages\pip\_vendor\idna\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\idna\
        
        backup.exe (11968) C:\Python27\Lib\site-packages\pip\_vendor\packaging\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\packaging\
        
        backup.exe (10944) C:\Python27\Lib\site-packages\pip\_vendor\colorama\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\colorama\
        
        data.exe (9488) C:\Python27\Lib\site-packages\pip\_vendor\chardet\data.exe C:\Python27\Lib\site-packages\pip\_vendor\chardet\
        
        backup.exe (9788) C:\Python27\Lib\site-packages\pip\_vendor\chardet\cli\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\chardet\cli\
        
        backup.exe (12632) C:\Python27\Lib\site-packages\pip\_vendor\pep517\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\pep517\
        
        backup.exe (13180) C:\Python27\Lib\site-packages\pip\_vendor\progress\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\progress\
        
        backup.exe (9444) C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\
        
        backup.exe (10592) C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\caches\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\caches\
        
        backup.exe (12884) C:\Python27\Lib\site-packages\pip\_vendor\pkg_resources\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\pkg_resources\
        
        backup.exe (10264) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\
        
        backup.exe (11692) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treebuilders\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treebuilders\
        
        backup.exe (11552) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\_trie\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\_trie\
        
        backup.exe (12280) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treeadapters\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treeadapters\
        
        backup.exe (12184) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treewalkers\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treewalkers\
        
        backup.exe (11944) C:\Python27\Lib\site-packages\pip\_vendor\html5lib\filters\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\html5lib\filters\
        
        backup.exe (13292) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\
        
        backup.exe (12668) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\
        
        backup.exe (1504) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\ssl_match_hostname\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\ssl_match_hostname\
        
        backup.exe (11576) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\backports\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\backports\
        
        data.exe (13160) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\rfc3986\data.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\rfc3986\
        
        backup.exe (8852) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\util\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\util\
        
        backup.exe (12848) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\
        
        backup.exe (12600) C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\
        
        backup.exe (12120) C:\Python27\Lib\site-packages\pip\_vendor\msgpack\backup.exe C:\Python27\Lib\site-packages\pip\_vendor\msgpack\
        
        backup.exe (8812) C:\Python27\Lib\site-packages\pip\_internal\backup.exe C:\Python27\Lib\site-packages\pip\_internal\
        
        backup.exe (10196) C:\Python27\Lib\site-packages\pip\_internal\utils\backup.exe C:\Python27\Lib\site-packages\pip\_internal\utils\
        
        backup.exe (10208) C:\Python27\Lib\site-packages\pip\_internal\operations\backup.exe C:\Python27\Lib\site-packages\pip\_internal\operations\
        
        backup.exe (9392) C:\Python27\Lib\site-packages\pip\_internal\req\backup.exe C:\Python27\Lib\site-packages\pip\_internal\req\
        
        update.exe (9824) C:\Python27\Lib\site-packages\pip\_internal\vcs\update.exe C:\Python27\Lib\site-packages\pip\_internal\vcs\
        
        backup.exe (9700) C:\Python27\Lib\site-packages\pip\_internal\distributions\backup.exe C:\Python27\Lib\site-packages\pip\_internal\distributions\
        
        backup.exe (9248) C:\Python27\Lib\site-packages\pip\_internal\cli\backup.exe C:\Python27\Lib\site-packages\pip\_internal\cli\
        
        update.exe (10004) C:\Python27\Lib\site-packages\pip\_internal\models\update.exe C:\Python27\Lib\site-packages\pip\_internal\models\
        
        backup.exe (9472) C:\Python27\Lib\site-packages\pip\_internal\commands\backup.exe C:\Python27\Lib\site-packages\pip\_internal\commands\
        
        backup.exe (8664) C:\Python27\Lib\site-packages\Pillow-6.2.2.dist-info\backup.exe C:\Python27\Lib\site-packages\Pillow-6.2.2.dist-info\
        
        backup.exe (9052) C:\Python27\Lib\site-packages\PIL\backup.exe C:\Python27\Lib\site-packages\PIL\
        
        backup.exe (11716) C:\Python27\Lib\site-packages\pip-19.2.3.dist-info\backup.exe C:\Python27\Lib\site-packages\pip-19.2.3.dist-info\
        
        backup.exe (12056) C:\Python27\Lib\site-packages\pkg_resources\backup.exe C:\Python27\Lib\site-packages\pkg_resources\
        
        backup.exe (12152) C:\Python27\Lib\site-packages\pkg_resources\_vendor\backup.exe C:\Python27\Lib\site-packages\pkg_resources\_vendor\
        
        backup.exe (12328) C:\Python27\Lib\site-packages\pkg_resources\_vendor\packaging\backup.exe C:\Python27\Lib\site-packages\pkg_resources\_vendor\packaging\
        
        backup.exe (12648) C:\Python27\Lib\site-packages\pkg_resources\extern\backup.exe C:\Python27\Lib\site-packages\pkg_resources\extern\
        
        backup.exe (6372) C:\Python27\Lib\ensurepip\backup.exe C:\Python27\Lib\ensurepip\
        
        backup.exe (7076) C:\Python27\Lib\ensurepip\_bundled\backup.exe C:\Python27\Lib\ensurepip\_bundled\
        
        backup.exe (6668) C:\Python27\Lib\ctypes\backup.exe C:\Python27\Lib\ctypes\
        
        backup.exe (6812) C:\Python27\Lib\ctypes\macholib\backup.exe C:\Python27\Lib\ctypes\macholib\
        
        backup.exe (6996) C:\Python27\Lib\ctypes\test\backup.exe C:\Python27\Lib\ctypes\test\
        
        backup.exe (7552) C:\Python27\Lib\importlib\backup.exe C:\Python27\Lib\importlib\
        
        backup.exe (11520) C:\Python27\Lib\test\backup.exe C:\Python27\Lib\test\
        
        backup.exe (11504) C:\Python27\Lib\test\audiodata\backup.exe C:\Python27\Lib\test\audiodata\
        
        System Restore.exe (12576) "C:\Python27\Lib\test\xmltestdata\System Restore.exe" C:\Python27\Lib\test\xmltestdata\
        
        backup.exe (12480) C:\Python27\Lib\test\decimaltestdata\backup.exe C:\Python27\Lib\test\decimaltestdata\
        
        backup.exe (11904) C:\Python27\Lib\test\capath\backup.exe C:\Python27\Lib\test\capath\
        
        backup.exe (11424) C:\Python27\Lib\test\cjkencodings\backup.exe C:\Python27\Lib\test\cjkencodings\
        
        backup.exe (12948) C:\Python27\Lib\test\leakers\backup.exe C:\Python27\Lib\test\leakers\
        
        backup.exe (12736) C:\Python27\Lib\test\imghdrdata\backup.exe C:\Python27\Lib\test\imghdrdata\
        
        backup.exe (12572) C:\Python27\Lib\test\support\backup.exe C:\Python27\Lib\test\support\
        
        backup.exe (12044) C:\Python27\Lib\test\tracedmodules\backup.exe C:\Python27\Lib\test\tracedmodules\
        
        backup.exe (13220) C:\Python27\Lib\test\subprocessdata\backup.exe C:\Python27\Lib\test\subprocessdata\
        
        data.exe (11812) C:\Python27\Lib\test\crashers\data.exe C:\Python27\Lib\test\crashers\
        
        backup.exe (6468) C:\Python27\Lib\compiler\backup.exe C:\Python27\Lib\compiler\
        
        backup.exe (7440) C:\Python27\Lib\lib-tk\backup.exe C:\Python27\Lib\lib-tk\
        
        backup.exe (6544) C:\Python27\Lib\lib-tk\test\backup.exe C:\Python27\Lib\lib-tk\test\
        
        backup.exe (8360) C:\Python27\Lib\lib-tk\test\test_tkinter\backup.exe C:\Python27\Lib\lib-tk\test\test_tkinter\
        
        backup.exe (8540) C:\Python27\Lib\lib-tk\test\test_ttk\backup.exe C:\Python27\Lib\lib-tk\test\test_ttk\
        
        backup.exe (6792) C:\Python27\Lib\email\backup.exe C:\Python27\Lib\email\
        
        backup.exe (6212) C:\Python27\Lib\email\mime\backup.exe C:\Python27\Lib\email\mime\
        
        data.exe (7068) C:\Python27\Lib\email\test\data.exe C:\Python27\Lib\email\test\
        
        backup.exe (6984) C:\Python27\Lib\email\test\data\backup.exe C:\Python27\Lib\email\test\data\
        
        backup.exe (6152) C:\Python27\Lib\curses\backup.exe C:\Python27\Lib\curses\
        
        backup.exe (6840) C:\Python27\Lib\encodings\backup.exe C:\Python27\Lib\encodings\
        
        backup.exe (6536) C:\Python27\Lib\hotshot\backup.exe C:\Python27\Lib\hotshot\
        
        backup.exe (7672) C:\Python27\Lib\json\backup.exe C:\Python27\Lib\json\
        
        backup.exe (7792) C:\Python27\Lib\json\tests\backup.exe C:\Python27\Lib\json\tests\
        
        backup.exe (6472) C:\Python27\Lib\idlelib\backup.exe C:\Python27\Lib\idlelib\
        
        backup.exe (7408) C:\Python27\Lib\idlelib\idle_test\backup.exe C:\Python27\Lib\idlelib\idle_test\
        
        backup.exe (7288) C:\Python27\Lib\idlelib\Icons\backup.exe C:\Python27\Lib\idlelib\Icons\
        
        backup.exe (12888) C:\Python27\Lib\unittest\backup.exe C:\Python27\Lib\unittest\
        
        data.exe (11984) C:\Python27\Lib\sqlite3\data.exe C:\Python27\Lib\sqlite3\
        
        backup.exe (10276) C:\Python27\Lib\sqlite3\test\backup.exe C:\Python27\Lib\sqlite3\test\
        
        backup.exe (5556) C:\Python27\Lib\bsddb\backup.exe C:\Python27\Lib\bsddb\
        
        backup.exe (6332) C:\Python27\Lib\bsddb\test\backup.exe C:\Python27\Lib\bsddb\test\
        
        backup.exe (6336) C:\Python27\Lib\distutils\backup.exe C:\Python27\Lib\distutils\
        
        backup.exe (6936) C:\Python27\Lib\distutils\tests\backup.exe C:\Python27\Lib\distutils\tests\
        
        backup.exe (4624) C:\Python27\Lib\distutils\command\backup.exe C:\Python27\Lib\distutils\command\
      - backup.exe (5380) C:\Python27\Doc\backup.exe C:\Python27\Doc\
    - backup.exe (2028) C:\gcoxh\backup.exe C:\gcoxh\
      - backup.exe (736) C:\gcoxh\modules\backup.exe C:\gcoxh\modules\
        
        backup.exe (2292) C:\gcoxh\modules\packages\backup.exe C:\gcoxh\modules\packages\
        
        backup.exe (2456) C:\gcoxh\modules\auxiliary\backup.exe C:\gcoxh\modules\auxiliary\
      - update.exe (2944) C:\gcoxh\bin\update.exe C:\gcoxh\bin\
      - backup.exe (2544) C:\gcoxh\lib\backup.exe C:\gcoxh\lib\
        
        backup.exe (1860) C:\gcoxh\lib\api\backup.exe C:\gcoxh\lib\api\
        
        backup.exe (2704) C:\gcoxh\lib\common\backup.exe C:\gcoxh\lib\common\
        
        backup.exe (332) C:\gcoxh\lib\core\backup.exe C:\gcoxh\lib\core\
    - System Restore.exe (9424) "C:\Windows\System Restore.exe" C:\Windows\
      - backup.exe (11156) C:\Windows\assembly\backup.exe C:\Windows\assembly\
        
        backup.exe (10788) C:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\
        
        backup.exe (12872) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\
        
        backup.exe (13496) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (10968) C:\Windows\assembly\GAC\Microsoft.DirectX\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX\
        
        backup.exe (2724) C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (11484) C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\
        
        backup.exe (11792) C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (13716) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\
        
        backup.exe (13628) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\
        
        backup.exe (13672) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (12092) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\
        
        backup.exe (12016) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (11588) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\
        
        backup.exe (12776) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\
        
        backup.exe (12812) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\
        
        backup.exe (7644) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\
        
        backup.exe (13076) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\
        
        backup.exe (12644) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\
        
        backup.exe (11396) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (13300) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\
        
        backup.exe (13000) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\
        
        backup.exe (13060) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\
        
        backup.exe (12516) C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\
        
        backup.exe (13540) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\
        
        backup.exe (13584) C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\
        
        backup.exe (12148) C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\backup.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\
        
        update.exe (11560) C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\update.exe C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\
      - backup.exe (10120) C:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\
      - backup.exe (10164) C:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\
        
        backup.exe (10616) C:\Windows\AppPatch\zh-CN\backup.exe C:\Windows\AppPatch\zh-CN\
        
        backup.exe (8496) C:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\
        
        backup.exe (10692) C:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\
        
        backup.exe (9844) C:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\
        
        backup.exe (11084) C:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\
      - backup.exe (9684) C:\Windows\addins\backup.exe C:\Windows\addins\
      - backup.exe (13760) C:\Windows\Branding\backup.exe C:\Windows\Branding\
- backup.exe (10724) C:\Users\Administrator\AppData\Local\Temp\rQjKgAzLsUrWuGkG\backup.exe C:\Users\Administrator\AppData\Local\Temp\rQjKgAzLsUrWuGkG\
- backup.exe (3972) C:\Users\Administrator\AppData\Local\Temp\{B53A1B47-2A63-4b15-A6AD-5DCB21DD41A1}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{B53A1B47-2A63-4b15-A6AD-5DCB21DD41A1}\
- backup.exe (2064) C:\Users\Administrator\AppData\Local\Temp\{3E352DBF-08A1-4ad3-9615-B83822C5F7F8}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{3E352DBF-08A1-4ad3-9615-B83822C5F7F8}\
- backup.exe (10260) C:\Users\Administrator\AppData\Local\Temp\rPtKdCfNjXbIuTxD\backup.exe C:\Users\Administrator\AppData\Local\Temp\rPtKdCfNjXbIuTxD\
- backup.exe (3512) C:\Users\Administrator\AppData\Local\Temp\{90EC67C0-4A22-4638-8F56-D79315E242FD}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{90EC67C0-4A22-4638-8F56-D79315E242FD}\
- data.exe (1600) C:\Users\Administrator\AppData\Local\Temp\{3F1CD59C-5BA3-45ab-9381-3F5315427EA3}\data.exe C:\Users\Administrator\AppData\Local\Temp\{3F1CD59C-5BA3-45ab-9381-3F5315427EA3}\
- System Restore.exe (2228) "C:\Users\Administrator\AppData\Local\Temp\{0A270244-F7C2-4fb3-9656-B20812C44A07}\System Restore.exe" C:\Users\Administrator\AppData\Local\Temp\{0A270244-F7C2-4fb3-9656-B20812C44A07}\
- backup.exe (4748) C:\Users\Administrator\AppData\Local\Temp\{F7A7763E-13FC-4686-9CBF-E2E78241358C}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{F7A7763E-13FC-4686-9CBF-E2E78241358C}\
- backup.exe (5328) C:\Users\Administrator\AppData\Local\Temp\{FD94C708-F85D-46e7-8962-8DFBA743E3FD}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{FD94C708-F85D-46e7-8962-8DFBA743E3FD}\
- backup.exe (4712) C:\Users\Administrator\AppData\Local\Temp\{E9230143-6808-47d8-8E63-66D691FA47A1}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{E9230143-6808-47d8-8E63-66D691FA47A1}\
- backup.exe (1632) C:\Users\Administrator\AppData\Local\Temp\{564C1CFA-FAA2-4da2-BD82-3EC3B692052E}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{564C1CFA-FAA2-4da2-BD82-3EC3B692052E}\
- backup.exe (9972) C:\Users\Administrator\AppData\Local\Temp\rAeCpCcTvNgEjFkZ\backup.exe C:\Users\Administrator\AppData\Local\Temp\rAeCpCcTvNgEjFkZ\
- backup.exe (1056) C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\backup.exe C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\
- backup.exe (1260) C:\Users\Administrator\AppData\Local\Temp\{0147F6D5-7F79-423f-902A-445D2C510FBD}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{0147F6D5-7F79-423f-902A-445D2C510FBD}\
- backup.exe (9532) C:\Users\Administrator\AppData\Local\Temp\oVfHsWqRuWpHrVaC\backup.exe C:\Users\Administrator\AppData\Local\Temp\oVfHsWqRuWpHrVaC\
- backup.exe (2492) C:\Users\Administrator\AppData\Local\Temp\{0D4F049D-B901-4409-85A1-7CB64F27B094}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{0D4F049D-B901-4409-85A1-7CB64F27B094}\
- backup.exe (6516) C:\Users\Administrator\AppData\Local\Temp\iFtRwUwDhBnJkStA\backup.exe C:\Users\Administrator\AppData\Local\Temp\iFtRwUwDhBnJkStA\
- backup.exe (4776) C:\Users\Administrator\AppData\Local\Temp\aNpKsEpSsFyBsNxE\backup.exe C:\Users\Administrator\AppData\Local\Temp\aNpKsEpSsFyBsNxE\
- backup.exe (2320) C:\Users\Administrator\AppData\Local\Temp\{72C2E9B0-A8A4-4bc9-B107-024D4C1E835F}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{72C2E9B0-A8A4-4bc9-B107-024D4C1E835F}\
- backup.exe (1012) C:\Users\Administrator\AppData\Local\Temp\{19343FD4-C84F-441e-8A87-99F0E5512B26}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{19343FD4-C84F-441e-8A87-99F0E5512B26}\
- backup.exe (6304) C:\Users\Administrator\AppData\Local\Temp\fWaTiPzZlLqYaTuV\backup.exe C:\Users\Administrator\AppData\Local\Temp\fWaTiPzZlLqYaTuV\
- System Restore.exe (1244) "C:\Users\Administrator\AppData\Local\Temp\{47D92DF5-A65A-4237-AD09-E0C8950A8814}\System Restore.exe" C:\Users\Administrator\AppData\Local\Temp\{47D92DF5-A65A-4237-AD09-E0C8950A8814}\
- backup.exe (3744) C:\Users\Administrator\AppData\Local\Temp\{A61D32F0-B43F-4499-AFCF-6720E50F6DB7}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{A61D32F0-B43F-4499-AFCF-6720E50F6DB7}\
- backup.exe (9028) "C:\Users\Administrator\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.30319\backup.exe" C:\Users\Administrator\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.30319\
- backup.exe (2812) C:\Users\Administrator\AppData\Local\Temp\{B69E14D5-4525-4d04-BD94-25BCD72D7BB8}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{B69E14D5-4525-4d04-BD94-25BCD72D7BB8}\
- backup.exe (9664) C:\Users\Administrator\AppData\Local\Temp\qWvZgLkGqUaWxDwB\backup.exe C:\Users\Administrator\AppData\Local\Temp\qWvZgLkGqUaWxDwB\
- backup.exe (3408) C:\Users\Administrator\AppData\Local\Temp\{9F7CDA2D-AD22-463a-A736-892B3CD10D17}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{9F7CDA2D-AD22-463a-A736-892B3CD10D17}\
- backup.exe (4420) C:\Users\Administrator\AppData\Local\Temp\{E59F9ECD-A475-4797-AA3C-F1C3245BF77F}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{E59F9ECD-A475-4797-AA3C-F1C3245BF77F}\
- backup.exe (11108) C:\Users\Administrator\AppData\Local\Temp\sInAlQbMbCtTiGjU\backup.exe C:\Users\Administrator\AppData\Local\Temp\sInAlQbMbCtTiGjU\
- backup.exe (5636) C:\Users\Administrator\AppData\Local\Temp\eLiXbSsSeLlRrBvQ\backup.exe C:\Users\Administrator\AppData\Local\Temp\eLiXbSsSeLlRrBvQ\
- backup.exe (12032) C:\Users\Administrator\AppData\Local\Temp\yCdTtMzScXiXjSmC\backup.exe C:\Users\Administrator\AppData\Local\Temp\yCdTtMzScXiXjSmC\
- backup.exe (11060) C:\Users\Administrator\AppData\Local\Temp\uRuOtPjJdDrTmWrG\backup.exe C:\Users\Administrator\AppData\Local\Temp\uRuOtPjJdDrTmWrG\
- backup.exe (8696) C:\Users\Administrator\AppData\Local\Temp\Ludashi\backup.exe C:\Users\Administrator\AppData\Local\Temp\Ludashi\
- backup.exe (3864) C:\Users\Administrator\AppData\Local\Temp\{93CEE4E0-D074-4206-85C1-90064655897A}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{93CEE4E0-D074-4206-85C1-90064655897A}\
- backup.exe (2612) C:\Users\Administrator\AppData\Local\Temp\{764DABD4-BF6E-499e-A743-F765D564A72C}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{764DABD4-BF6E-499e-A743-F765D564A72C}\
- backup.exe (9520) C:\Users\Administrator\AppData\Local\Temp\qPfNuJcRgGaGiTuK\backup.exe C:\Users\Administrator\AppData\Local\Temp\qPfNuJcRgGaGiTuK\
- backup.exe (3824) C:\Users\Administrator\AppData\Local\Temp\{AD9B5244-0154-42ca-9A38-9E3249977341}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{AD9B5244-0154-42ca-9A38-9E3249977341}\
- backup.exe (3776) C:\Users\Administrator\AppData\Local\Temp\{9353DF3E-6A9B-4c98-9DEC-C29C75807DD7}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{9353DF3E-6A9B-4c98-9DEC-C29C75807DD7}\
- backup.exe (944) C:\Users\Administrator\AppData\Local\Temp\{49A1437D-A8A9-4717-8EB3-162E14664B77}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{49A1437D-A8A9-4717-8EB3-162E14664B77}\
- backup.exe (3164) C:\Users\Administrator\AppData\Local\Temp\{B8DC779B-6BD8-4d6e-AF53-7E317016E2D0}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{B8DC779B-6BD8-4d6e-AF53-7E317016E2D0}\
- backup.exe (5464) C:\Users\Administrator\AppData\Local\Temp\dJmAoIiCaVhKuItG\backup.exe C:\Users\Administrator\AppData\Local\Temp\dJmAoIiCaVhKuItG\
- System Restore.exe (3952) "C:\Users\Administrator\AppData\Local\Temp\{959867F3-C866-4b8c-B21B-D167C5F7252A}\System Restore.exe" C:\Users\Administrator\AppData\Local\Temp\{959867F3-C866-4b8c-B21B-D167C5F7252A}\
- backup.exe (4232) C:\Users\Administrator\AppData\Local\Temp\{C7C912BE-12C2-49c6-B9BF-ED34AA55A3DB}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{C7C912BE-12C2-49c6-B9BF-ED34AA55A3DB}\
- backup.exe (364) C:\Users\Administrator\AppData\Local\Temp\{4196F526-3015-4828-85DF-60E481F50855}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{4196F526-3015-4828-85DF-60E481F50855}\
- backup.exe (2948) C:\Users\Administrator\AppData\Local\Temp\{55124BC1-9E34-4168-BCAF-D74C568939C1}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{55124BC1-9E34-4168-BCAF-D74C568939C1}\
- data.exe (3656) C:\Users\Administrator\AppData\Local\Temp\{C0177289-8068-4fef-B442-92804D8911FA}\data.exe C:\Users\Administrator\AppData\Local\Temp\{C0177289-8068-4fef-B442-92804D8911FA}\
- backup.exe (7020) C:\Users\Administrator\AppData\Local\Temp\hLfOcYtTfIjZuKaE\backup.exe C:\Users\Administrator\AppData\Local\Temp\hLfOcYtTfIjZuKaE\
- backup.exe (2772) C:\Users\Administrator\AppData\Local\Temp\{6F726E76-B93C-4eff-8E64-9A750294F778}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{6F726E76-B93C-4eff-8E64-9A750294F778}\
- backup.exe (3372) C:\Users\Administrator\AppData\Local\Temp\{86E8AA50-C793-4b24-8DC2-CFC582B9EB6D}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{86E8AA50-C793-4b24-8DC2-CFC582B9EB6D}\
- backup.exe (8324) "C:\Users\Administrator\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319\backup.exe" C:\Users\Administrator\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319\
- backup.exe (1092) C:\Users\Administrator\AppData\Local\Temp\{4376D035-7C93-4919-8138-3DEDA7EB2E0D}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{4376D035-7C93-4919-8138-3DEDA7EB2E0D}\
- backup.exe (1612) C:\Users\Administrator\AppData\Local\Temp\{7521EE7E-75AA-497f-8429-7B3981184EEA}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{7521EE7E-75AA-497f-8429-7B3981184EEA}\
- backup.exe (3600) C:\Users\Administrator\AppData\Local\Temp\{92044D5B-CF91-4c73-B454-A6AB899C47D8}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{92044D5B-CF91-4c73-B454-A6AB899C47D8}\
- backup.exe (2592) C:\Users\Administrator\AppData\Local\Temp\{1C2B9DA7-AFEC-4854-83D5-5197746130B9}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{1C2B9DA7-AFEC-4854-83D5-5197746130B9}\
- backup.exe (2192) C:\Users\Administrator\AppData\Local\Temp\{602721B5-FC2C-497e-A3B8-23DD99EE01AA}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{602721B5-FC2C-497e-A3B8-23DD99EE01AA}\
- backup.exe (3432) C:\Users\Administrator\AppData\Local\Temp\{8AB73B70-D74D-4cba-B72B-F8F64933D116}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{8AB73B70-D74D-4cba-B72B-F8F64933D116}\
- data.exe (6196) C:\Users\Administrator\AppData\Local\Temp\hQmLdBcOvZeRaOmC\data.exe C:\Users\Administrator\AppData\Local\Temp\hQmLdBcOvZeRaOmC\
- backup.exe (4964) C:\Users\Administrator\AppData\Local\Temp\{ED713694-0E85-433c-A114-73424E5A2A30}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{ED713694-0E85-433c-A114-73424E5A2A30}\
- backup.exe (9740) C:\Users\Administrator\AppData\Local\Temp\oVkNjIrFjTdKuOsR\backup.exe C:\Users\Administrator\AppData\Local\Temp\oVkNjIrFjTdKuOsR\
- backup.exe (4788) C:\Users\Administrator\AppData\Local\Temp\{D03DC86C-5229-4953-B7C7-E93C65278AB6}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{D03DC86C-5229-4953-B7C7-E93C65278AB6}\
- data.exe (5568) C:\Users\Administrator\AppData\Local\Temp\360TptMon\data.exe C:\Users\Administrator\AppData\Local\Temp\360TptMon\
  - backup.exe (5896) C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\backup.exe C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\
    - backup.exe (6028) C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\Setup\backup.exe C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\Setup\
- backup.exe (3184) C:\Users\Administrator\AppData\Local\Temp\{77B92CD7-F092-4bca-9799-57C38D821E28}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{77B92CD7-F092-4bca-9799-57C38D821E28}\
- backup.exe (2636) C:\Users\Administrator\AppData\Local\Temp\{64361D58-B165-4d20-8F2D-71F9065558BF}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{64361D58-B165-4d20-8F2D-71F9065558BF}\
- backup.exe (2136) C:\Users\Administrator\AppData\Local\Temp\{3B075E5A-5298-4a00-93CE-E54A3981E2A5}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{3B075E5A-5298-4a00-93CE-E54A3981E2A5}\
- backup.exe (3508) C:\Users\Administrator\AppData\Local\Temp\{A030B110-AE91-41f9-88B2-C820A195F288}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{A030B110-AE91-41f9-88B2-C820A195F288}\
- backup.exe (2032) C:\Users\Administrator\AppData\Local\Temp\{5BB31489-4B0C-41ad-8C12-389A6D59634E}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{5BB31489-4B0C-41ad-8C12-389A6D59634E}\
- backup.exe (11732) C:\Users\Administrator\AppData\Local\Temp\xWlSxOlUcViDpMvU\backup.exe C:\Users\Administrator\AppData\Local\Temp\xWlSxOlUcViDpMvU\
- backup.exe (3628) C:\Users\Administrator\AppData\Local\Temp\{BCF8B4D6-4572-402c-B220-4733EE018F59}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{BCF8B4D6-4572-402c-B220-4733EE018F59}\
- backup.exe (1372) C:\Users\Administrator\AppData\Local\Temp\{32BD1524-7EA1-4b1a-B3EA-4C8A6033C441}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{32BD1524-7EA1-4b1a-B3EA-4C8A6033C441}\
- backup.exe (11932) C:\Users\Administrator\AppData\Local\Temp\zVaGpLdBcPxTtUtX\backup.exe C:\Users\Administrator\AppData\Local\Temp\zVaGpLdBcPxTtUtX\
- backup.exe (11100) C:\Users\Administrator\AppData\Local\Temp\wMkUzKhHeLxEyVnI\backup.exe C:\Users\Administrator\AppData\Local\Temp\wMkUzKhHeLxEyVnI\
- backup.exe (1132) C:\Users\Administrator\AppData\Local\Temp\{4A963C26-88BC-4996-934F-EB1402DD18B6}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{4A963C26-88BC-4996-934F-EB1402DD18B6}\
- backup.exe (9340) C:\Users\Administrator\AppData\Local\Temp\oJzTySoPvVbPmVoH\backup.exe C:\Users\Administrator\AppData\Local\Temp\oJzTySoPvVbPmVoH\
- backup.exe (1176) C:\Users\Administrator\AppData\Local\Temp\{66B06E63-7C88-4aa4-A8EF-095CE43ED12C}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{66B06E63-7C88-4aa4-A8EF-095CE43ED12C}\
- backup.exe (3688) C:\Users\Administrator\AppData\Local\Temp\{93208D86-C9A7-4005-A93D-E1C1B1D5B550}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{93208D86-C9A7-4005-A93D-E1C1B1D5B550}\
- backup.exe (5548) C:\Users\Administrator\AppData\Local\Temp\bDvDzHhWiXfQgQeB\backup.exe C:\Users\Administrator\AppData\Local\Temp\bDvDzHhWiXfQgQeB\
- backup.exe (10200) C:\Users\Administrator\AppData\Local\Temp\qGbLcZhZgCxYeXyR\backup.exe C:\Users\Administrator\AppData\Local\Temp\qGbLcZhZgCxYeXyR\
- backup.exe (5392) C:\Users\Administrator\AppData\Local\Temp\dIrXrIzRxErSaIiN\backup.exe C:\Users\Administrator\AppData\Local\Temp\dIrXrIzRxErSaIiN\
- backup.exe (6024) C:\Users\Administrator\AppData\Local\Temp\eZoZdSfFnYjTmGhB\backup.exe C:\Users\Administrator\AppData\Local\Temp\eZoZdSfFnYjTmGhB\
- backup.exe (8732) C:\Users\Administrator\AppData\Local\Temp\nGtIbScZiToEmFmJ\backup.exe C:\Users\Administrator\AppData\Local\Temp\nGtIbScZiToEmFmJ\
- backup.exe (676) C:\Users\Administrator\AppData\Local\Temp\{703EE0D0-03E0-4208-AD79-209AC865266D}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{703EE0D0-03E0-4208-AD79-209AC865266D}\
- backup.exe (6480) C:\Users\Administrator\AppData\Local\Temp\iJlYzEpRcCcQgVbQ\backup.exe C:\Users\Administrator\AppData\Local\Temp\iJlYzEpRcCcQgVbQ\
- backup.exe (3108) C:\Users\Administrator\AppData\Local\Temp\{980860C8-10E9-4f55-B732-3966ED9751FE}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{980860C8-10E9-4f55-B732-3966ED9751FE}\
- backup.exe (5260) C:\Users\Administrator\AppData\Local\Temp\fPaMrKiVqZkVlYwY\backup.exe C:\Users\Administrator\AppData\Local\Temp\fPaMrKiVqZkVlYwY\
- backup.exe (4040) C:\Users\Administrator\AppData\Local\Temp\{97967038-950B-4637-A08D-2CF414643DC5}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{97967038-950B-4637-A08D-2CF414643DC5}\
- backup.exe (6108) C:\Users\Administrator\AppData\Local\Temp\bYlQcQwMxCtBlIlP\backup.exe C:\Users\Administrator\AppData\Local\Temp\bYlQcQwMxCtBlIlP\
- backup.exe (10668) C:\Users\Administrator\AppData\Local\Temp\uGaHmTkYcGcUvQtE\backup.exe C:\Users\Administrator\AppData\Local\Temp\uGaHmTkYcGcUvQtE\
- backup.exe (2420) C:\Users\Administrator\AppData\Local\Temp\{2ED3FB63-0771-41a4-A6D2-925779B779AF}\backup.exe C:\Users\Administrator\AppData\Local\Temp\{2ED3FB63-0771-41a4-A6D2-925779B779AF}\

0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe, PID: 3028, Parent PID: 2284

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 920, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1260, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 2228, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2492, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1836, Parent PID: 920

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1920, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 952, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2476, Parent PID: 952

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1012, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1148, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 1960, Parent PID: 2476

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2592, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2424, Parent PID: 1960

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2836, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 2080, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2644, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2844, Parent PID: 2080

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2420, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2084, Parent PID: 2080

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2352, Parent PID: 2084

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1372, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2136, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2472, Parent PID: 2084

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 1848, Parent PID: 2084

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2064, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1448, Parent PID: 2080

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 1600, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2448, Parent PID: 1448

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 364, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 368, Parent PID: 1448

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1092, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2028, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 1244, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 2944, Parent PID: 2028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 944, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2544, Parent PID: 2028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1132, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1860, Parent PID: 2544

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2948, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2704, Parent PID: 2544

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1056, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 332, Parent PID: 2544

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1632, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 736, Parent PID: 2028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2032, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2456, Parent PID: 736

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2192, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2292, Parent PID: 736

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2636, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2116, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1176, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2304, Parent PID: 2116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2772, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1404, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 676, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 816, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2320, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2980, Parent PID: 816

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1612, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1592, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2612, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2788, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2708, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3096, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3160, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3184, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3248, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 3272, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3336, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3372, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3432, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3424, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3512, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3544, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3600, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3624, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3688, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3712, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3776, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3796, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3864, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3872, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 3952, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3976, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4040, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4048, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3108, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3124, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3268, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3284, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3392, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3408, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3532, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3508, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3668, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3744, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3824, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3716, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3972, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3868, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2812, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3092, Parent PID: 3976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3164, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3352, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3488, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 3400, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3628, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 3560, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3820, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4016, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4068, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3300, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3120, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3772, Parent PID: 3300

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3788, Parent PID: 3120

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3548, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 3656, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3428, Parent PID: 816

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3840, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3812, Parent PID: 3788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3212, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4092, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3604, Parent PID: 816

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 4132, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4180, Parent PID: 3840

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4232, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4220, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4288, Parent PID: 3604

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4264, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4384, Parent PID: 4132

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4444, Parent PID: 3840

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4488, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4528, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4592, Parent PID: 4132

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4544, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4676, Parent PID: 4444

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4536, Parent PID: 816

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4756, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4788, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4820, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4856, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4900, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 4940, Parent PID: 4536

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 5048, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5016, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5104, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4192, Parent PID: 4940

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3128, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 4144, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4364, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4416, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4424, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4580, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4476, Parent PID: 4940

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4176, Parent PID: 4144

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4812, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4548, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4216, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4948, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4908, Parent PID: 4536

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 4100, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 4272, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4420, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4456, Parent PID: 4948

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4712, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4196, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4388, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4636, Parent PID: 4536

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 4688, Parent PID: 4272

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3524, Parent PID: 3772

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4680, Parent PID: 4636

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4472, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4448, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4932, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4868, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4972, Parent PID: 3300

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4664, Parent PID: 4636

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4964, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4600, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4252, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4500, Parent PID: 2980

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4608, Parent PID: 4972

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4508, Parent PID: 4536

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4748, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5152, Parent PID: 4608

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 5160, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5144, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5304, Parent PID: 4508

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5328, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5360, Parent PID: 4608

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5384, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5428, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5560, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5536, Parent PID: 4508

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5584, Parent PID: 5360

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 5568, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5604, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5756, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5792, Parent PID: 4536

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 5836, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5800, Parent PID: 5584

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5896, Parent PID: 5568

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5972, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6020, Parent PID: 5800

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6028, Parent PID: 5896

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6092, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6140, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3800, Parent PID: 5800

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4776, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5236, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 5320, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 5296, Parent PID: 4972

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 5500, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5504, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5548, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5736, Parent PID: 4972

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5812, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5748, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5824, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5796, Parent PID: 4972

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6056, Parent PID: 3812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6108, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6132, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6096, Parent PID: 5796

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5392, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5964, Parent PID: 1592

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 5588, Parent PID: 3120

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5700, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5464, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5492, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6004, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6016, Parent PID: 5700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5204, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5192, Parent PID: 5492

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3888, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5452, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3620, Parent PID: 5492

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5856, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5380, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 900, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4036, Parent PID: 5492

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5636, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5340, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 5760, Parent PID: 900

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 3116, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5212, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6024, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5228, Parent PID: 900

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4752, Parent PID: 3116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5260, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5556, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6208, Parent PID: 900

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6268, Parent PID: 4752

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6304, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6332, Parent PID: 5556

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6384, Parent PID: 900

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6444, Parent PID: 6268

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6484, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6468, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6476, Parent PID: 900

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6620, Parent PID: 6268

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6640, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6668, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6716, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6796, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6812, Parent PID: 6668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6844, Parent PID: 6716

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6888, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6972, Parent PID: 6796

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7004, Parent PID: 6716

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6996, Parent PID: 6668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7020, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7156, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7148, Parent PID: 6972

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6152, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 6196, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6420, Parent PID: 7148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6516, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6408, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6336, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 6688, Parent PID: 6420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4624, Parent PID: 6336

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6704, Parent PID: 6408

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6480, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6816, Parent PID: 6420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6936, Parent PID: 6336

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6924, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6232, Parent PID: 6924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6792, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6244, Parent PID: 7148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6212, Parent PID: 6792

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6580, Parent PID: 6244

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6756, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 6892, Parent PID: 6244

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 7068, Parent PID: 6792

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 7032, Parent PID: 6756

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 5840, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6984, Parent PID: 7068

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6456, Parent PID: 6016

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6840, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6832, Parent PID: 5840

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6708, Parent PID: 5700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6372, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6992, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7152, Parent PID: 5700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6168, Parent PID: 7152

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7076, Parent PID: 6372

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 4644, Parent PID: 6992

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6768, Parent PID: 5700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7016, Parent PID: 6992

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6536, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7064, Parent PID: 6768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6472, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6512, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7256, Parent PID: 7064

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7288, Parent PID: 6472

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7264, Parent PID: 6512

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7388, Parent PID: 7064

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7420, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7408, Parent PID: 6472

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7520, Parent PID: 6768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7544, Parent PID: 7420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7552, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7652, Parent PID: 6768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7672, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7684, Parent PID: 7420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7784, Parent PID: 7652

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7792, Parent PID: 7672

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7840, Parent PID: 7420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7916, Parent PID: 7652

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7936, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7948, Parent PID: 7420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8044, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8088, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8112, Parent PID: 7936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8140, Parent PID: 7420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8148, Parent PID: 6768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7196, Parent PID: 8044

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7340, Parent PID: 8088

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7380, Parent PID: 7936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7292, Parent PID: 8148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7456, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7248, Parent PID: 8044

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7700, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7740, Parent PID: 7936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7780, Parent PID: 8044

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7720, Parent PID: 8148

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 7836, Parent PID: 7456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8064, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8068, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7176, Parent PID: 7836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7180, Parent PID: 7740

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8040, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 7656, Parent PID: 6768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7596, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7512, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7668, Parent PID: 7836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7876, Parent PID: 7180

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8164, Parent PID: 8040

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7260, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7400, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8004, Parent PID: 7876

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8144, Parent PID: 7456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7736, Parent PID: 8164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7536, Parent PID: 8144

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7908, Parent PID: 8164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7440, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8096, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7540, Parent PID: 8144

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7424, Parent PID: 8040

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 6544, Parent PID: 7440

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 8264, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8052, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8320, Parent PID: 7424

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8360, Parent PID: 6544

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8388, Parent PID: 8264

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8436, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8500, Parent PID: 8040

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8540, Parent PID: 6544

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8580, Parent PID: 8436

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8564, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8668, Parent PID: 8040

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8716, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8760, Parent PID: 1404

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8796, Parent PID: 8668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8832, Parent PID: 8580

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 8896, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8936, Parent PID: 8760

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8960, Parent PID: 8040

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8992, Parent PID: 8436

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9060, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 9116, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9148, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9188, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9180, Parent PID: 9060

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7344, Parent PID: 9116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8344, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8404, Parent PID: 9148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8464, Parent PID: 9188

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 8364, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8632, Parent PID: 9116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8136, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8736, Parent PID: 9148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8696, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8828, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8836, Parent PID: 9116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9028, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9052, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9136, Parent PID: 8136

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8204, Parent PID: 8736

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8448, Parent PID: 9116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8324, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8552, Parent PID: 9136

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8700, Parent PID: 8736

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8664, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8916, Parent PID: 9116

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9080, Parent PID: 8552

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9168, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8584, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9112, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 8568, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8868, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9004, Parent PID: 8868

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8672, Parent PID: 8868

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8620, Parent PID: 8868

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9012, Parent PID: 8868

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8608, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7824, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8812, Parent PID: 9168

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8276, Parent PID: 8552

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7888, Parent PID: 9112

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8732, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8924, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9248, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9284, Parent PID: 9112

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9276, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9340, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9388, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9472, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9508, Parent PID: 9284

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9532, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9580, Parent PID: 9276

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9572, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 9692, Parent PID: 9284

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9740, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9768, Parent PID: 9580

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9804, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9700, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9912, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 9964, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9948, Parent PID: 9768

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 10004, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9992, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10124, Parent PID: 9912

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10176, Parent PID: 9948

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10200, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10208, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10224, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8308, Parent PID: 9912

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 9424, Parent PID: 1836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9500, Parent PID: 9948

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9520, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 9592, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9524, Parent PID: 8308

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9392, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9684, Parent PID: 9424

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9924, Parent PID: 8088

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9896, Parent PID: 9948

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9808, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10060, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10196, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 10100, Parent PID: 8308

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10120, Parent PID: 9424

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9192, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9512, Parent PID: 9768

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9664, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9680, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10044, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10164, Parent PID: 9424

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 9824, Parent PID: 8812

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9184, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8800, Parent PID: 9512

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10144, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9972, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9600, Parent PID: 9168

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9844, Parent PID: 10164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9504, Parent PID: 9184

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10192, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8060, Parent PID: 9512

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9456, Parent PID: 6004

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9364, Parent PID: 9184

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9444, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9308, Parent PID: 10192

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9704, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10260, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10280, Parent PID: 9512

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8496, Parent PID: 10164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10508, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10548, Parent PID: 9364

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10592, Parent PID: 9444

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10584, Parent PID: 9456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10660, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10692, Parent PID: 8496

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10724, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10808, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10748, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10732, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10912, Parent PID: 9364

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10960, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11020, Parent PID: 9456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11064, Parent PID: 10660

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11084, Parent PID: 10164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11108, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11164, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11140, Parent PID: 10748

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11240, Parent PID: 8916

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 9488, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10256, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10232, Parent PID: 11020

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 10540, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10616, Parent PID: 10164

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10680, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10668, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10228, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10828, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 10712, Parent PID: 10256

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9788, Parent PID: 9488

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11104, Parent PID: 9456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10220, Parent PID: 10540

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11156, Parent PID: 9424

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11060, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10368, Parent PID: 10256

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9996, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10332, Parent PID: 10828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10944, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11216, Parent PID: 10680

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11168, Parent PID: 9456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10860, Parent PID: 9924

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10788, Parent PID: 11156

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11192, Parent PID: 10828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10248, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11024, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10580, Parent PID: 10256

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9640, Parent PID: 9456

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11144, Parent PID: 10860

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10408, Parent PID: 7340

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10968, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10928, Parent PID: 8760

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11100, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10716, Parent PID: 11192

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 10844, Parent PID: 11024

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10624, Parent PID: 10256

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10744, Parent PID: 10248

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 10888, Parent PID: 8088

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10480, Parent PID: 8760

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 9932, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2724, Parent PID: 10968

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10052, Parent PID: 11192

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10836, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11300, Parent PID: 10248

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10264, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11364, Parent PID: 10888

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11432, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11456, Parent PID: 10828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11484, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11552, Parent PID: 10264

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11516, Parent PID: 10248

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11528, Parent PID: 10836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11608, Parent PID: 10888

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11732, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11776, Parent PID: 7400

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11792, Parent PID: 11484

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11848, Parent PID: 10888

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11840, Parent PID: 10248

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11944, Parent PID: 10264

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 11984, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12024, Parent PID: 10836

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12032, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12112, Parent PID: 11776

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12148, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12188, Parent PID: 10248

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12156, Parent PID: 10888

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12280, Parent PID: 10264

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10276, Parent PID: 11984

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11404, Parent PID: 12024

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11472, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 10684, Parent PID: 12112

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 11560, Parent PID: 12148

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11596, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11692, Parent PID: 10264

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11876, Parent PID: 12024

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11520, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11932, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12060, Parent PID: 11776

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11488, Parent PID: 11596

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12092, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12184, Parent PID: 10264

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8884, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11504, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11584, Parent PID: 11776

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11012, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11764, Parent PID: 11488

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12016, Parent PID: 12092

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11324, Parent PID: 8884

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11716, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12216, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11904, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11268, Parent PID: 11488

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11388, Parent PID: 8884

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11588, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12272, Parent PID: 11776

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12056, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

explorer.exe, PID: 1412, Parent PID: 1304

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11424, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12120, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11396, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11896, Parent PID: 11388

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11420, Parent PID: 11596

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12152, Parent PID: 12056

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 11812, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 7644, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11968, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11888, Parent PID: 11388

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12416, Parent PID: 11420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12328, Parent PID: 12152

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12480, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12516, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12560, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12588, Parent PID: 11420

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12632, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12648, Parent PID: 12056

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12736, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12776, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 12824, Parent PID: 12560

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12876, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12884, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12976, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12948, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13000, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 13084, Parent PID: 12824

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13136, Parent PID: 12876

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13180, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13232, Parent PID: 12976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13220, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13300, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13260, Parent PID: 12824

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12364, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 12496, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12468, Parent PID: 13232

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12572, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12644, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12700, Parent PID: 12560

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12656, Parent PID: 3820

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12768, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12920, Parent PID: 12976

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12044, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 13120, Parent PID: 12656

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13060, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13064, Parent PID: 12700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13292, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13240, Parent PID: 12976

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 12576, Parent PID: 11520

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12684, Parent PID: 13120

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13304, Parent PID: 12700

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12812, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12848, Parent PID: 13292

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12752, Parent PID: 8828

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12888, Parent PID: 5212

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13144, Parent PID: 12684

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11872, Parent PID: 8936

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13076, Parent PID: 11588

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12600, Parent PID: 12848

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 13032, Parent PID: 11872

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 12740, Parent PID: 12684

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12872, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12668, Parent PID: 13292

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12436, Parent PID: 12740

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12880, Parent PID: 13032

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 11576, Parent PID: 12668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 2572, Parent PID: 13032

default registry file network process services synchronisation iexplore office pdf

data.exe, PID: 13160, Parent PID: 12668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12240, Parent PID: 12740

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12620, Parent PID: 13120

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 1504, Parent PID: 12668

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12984, Parent PID: 11872

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12372, Parent PID: 12984

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 8852, Parent PID: 13292

default registry file network process services synchronisation iexplore office pdf

System Restore.exe, PID: 12856, Parent PID: 12620

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12944, Parent PID: 9600

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 12020, Parent PID: 12984

default registry file network process services synchronisation iexplore office pdf

update.exe, PID: 2932, Parent PID: 12620

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13364, Parent PID: 2932

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13496, Parent PID: 12872

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13540, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13584, Parent PID: 13540

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13628, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13672, Parent PID: 13628

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13716, Parent PID: 10788

default registry file network process services synchronisation iexplore office pdf

backup.exe, PID: 13760, Parent PID: 9424

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114
8.8.8.8

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255 A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	61714	8.8.8.8	53
192.168.56.101	56933	8.8.8.8	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	58485	8.8.8.8	53
192.168.56.101	57665	114.114.114.114	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	981233c9ed10419f_backup.exe
Filepath	C:\Program Files\Common Files\System\msadc\zh-CN\backup.exe
Size	40.4KB
Processes	4636 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c6e622affdac30e1ff2888bd3864d870`
SHA1	`d76ae43a68b391700d17f48df07e0f9512adc880`
SHA256	`981233c9ed10419fbb3f0d515b92840c1bf04f99ec168fd092f1b99bbf987853`
CRC32	`456AC900`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bfcf5ea19c265c24_~DF62CA2459730626CC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF62CA2459730626CC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9238302095a44f9ad85d29fb971e306d`
SHA1	`231c3c85b221a10333a12fddacebf2326dfb2516`
SHA256	`bfcf5ea19c265c24541b860c4aa35c340ae4f45449b192938c66f1b5c38f495b`
CRC32	`59606024`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6662f8d5750a4c9e_system restore.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\System Restore.exe
Size	40.4KB
Processes	12656 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`41933e34d1c7e771712ce531eb4beede`
SHA1	`1ea10a41d97f720aa2b866c698e7eed8dff09a3d`
SHA256	`6662f8d5750a4c9ea6170f9c05f3d84ac2859302e233a2854bd497786aae6605`
CRC32	`21A518FA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4ceddd4c5efc669f_~DFF2A223100C971308.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF2A223100C971308.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`71110329e7a6cd441504afcf3ad56726`
SHA1	`93222db89519e4e1a7a14a2c7d1dab7551e093f1`
SHA256	`4ceddd4c5efc669f7dec70ff1a50ef1138e8315d4659d8f1d36631a2a32a6e2c`
CRC32	`D895872D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a9e921c9519d042_~DFC88A02B47D194E27.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC88A02B47D194E27.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0596c2ff3d37c8de54a3c8068328da50`
SHA1	`cb893b832c5fa67cc1d1ffb658b5ab4f480d216c`
SHA256	`2a9e921c9519d042a98d39c6d4ac9f9c6f5ec769a3b9e3ab6f0a4d4046216193`
CRC32	`BE7270B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	40efadb6528bdba7_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\lockfile\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`38e96880c12c7d8b77dcf23a10f9f43d`
SHA1	`5b22c6d47b7f644b7c945fce4bee6f77e8e1462a`
SHA256	`40efadb6528bdba705fdc47eddfb32c2f9f2cf898ea3ac940052ecba8535d02e`
CRC32	`BB641AB6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2baff2f1f3151765_backup.exe
Filepath	C:\Python27\Lib\site-packages\pkg_resources\_vendor\backup.exe
Size	40.4KB
Processes	12056 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d7312eb8e8a8eb2823daad305e723812`
SHA1	`d4f96439e3157f74ae8d80d939da367e88b151b0`
SHA256	`2baff2f1f3151765459cc855dd5602995dfe094571b9ed21c1c8e56023061751`
CRC32	`16BADB76`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a73a2854b2a8161_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\lSvSbBjLdZgCvLhB\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe) 9188 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`60ad99c18eec4361084b0fb275b584df`
SHA1	`518a20e311ed87cce6ce0eaae98d92716b50e777`
SHA256	`0a73a2854b2a8161658a15b3e71b16a12d17458006c48e2e6bf56bfe880a849b`
CRC32	`BC5EFA04`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7355f6b7dc7c9c39_backup.exe
Filepath	C:\Python27\Lib\ctypes\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ac5840bef6dc82cff55e637498d89b5b`
SHA1	`d08c21ba940d057877144f61116e1473f6fb5cd2`
SHA256	`7355f6b7dc7c9c394f29074ae322fbc68cdb130da1491c47e37b892fdfadb612`
CRC32	`B577F04E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4dc4c4a3483db281_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\Uninstall\backup.exe
Size	40.4KB
Processes	5800 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b2b7a7a2f86d689117567b8e8e2a85f4`
SHA1	`67dccf1a52acdb1fa5d2dfae45471c026868c889`
SHA256	`4dc4c4a3483db281017b433373699e8e278dc6d0915662c2422ce69befcbe596`
CRC32	`83B52CB8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bbef99567b48681d_~DFA47A9FDD766FE8B2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA47A9FDD766FE8B2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e4ff963f70c3ed8e59ea985943204bfd`
SHA1	`02856bee1c8714c58cc270c25402352f56120a3c`
SHA256	`bbef99567b48681d1f2468ad976e2a79b52877ba99cc2400c7fe6318a61b5385`
CRC32	`5F38D7E1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	69b787d39c93735a_~DF716B1BFC05878CF5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF716B1BFC05878CF5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d245f1dfecd5c6cda237e946edd680e`
SHA1	`af61f3242c888337aed4547e2da9646dab001fea`
SHA256	`69b787d39c93735a4da8b426c635db76fc9f57373d530cae680032502ff3bf5a`
CRC32	`3CA64C4C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aa10bab0b6825a6a_~DF462B9759DC52DED1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF462B9759DC52DED1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`126173f3ad9f5c275152ffd63017af9c`
SHA1	`ae766a7b402e8d04b9f161834b1bffadad99fa2c`
SHA256	`aa10bab0b6825a6a69f7d93570c951b8720aa1d770ae728b29fed37c07912181`
CRC32	`31B54334`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccc4d9edb0f5c592_~DF0EFDBE5D176E394D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0EFDBE5D176E394D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0802cb14035da6a418206e2f3b6164bc`
SHA1	`2c1e7ab7a3d56f60e246076cbc2816b354213944`
SHA256	`ccc4d9edb0f5c59254cab91cdf2a538aa94fb368dd3ccc779111aa5eff5e637b`
CRC32	`365BC148`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2756be81754a3e15_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{8AB73B70-D74D-4cba-B72B-F8F64933D116}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`eabb037a168a9930c4c7ff4a7ed3b703`
SHA1	`699016a2eecdac8e59c8746dd061c4c7fef24d02`
SHA256	`2756be81754a3e15fa2b960eaa0fed83b84035c7640ab34c5bfbadaba1303b8e`
CRC32	`805D1ED5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aaded1bfd236451b_~DF0E027AB54D6D8BC1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0E027AB54D6D8BC1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8a9c3dd6b8d2a6cb0831c74ef05046bd`
SHA1	`ec50e545b30fd9306bdc9ed126de4fa58d1aa0dc`
SHA256	`aaded1bfd236451bb80df5b4a42aa677125e6befd03fc5830b77115eaec537e4`
CRC32	`BE30573B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a9e921c9519d042_~DF8BDA0CE7F8E583BF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8BDA0CE7F8E583BF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0596c2ff3d37c8de54a3c8068328da50`
SHA1	`cb893b832c5fa67cc1d1ffb658b5ab4f480d216c`
SHA256	`2a9e921c9519d042a98d39c6d4ac9f9c6f5ec769a3b9e3ab6f0a4d4046216193`
CRC32	`BE7270B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7e5bd8954e709dc2_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\backup.exe
Size	40.4KB
Processes	9580 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8b2b9bba129af9a58775825f0e0cf68b`
SHA1	`87140ba32bbc58af1b76b85aac57963fd0e029c9`
SHA256	`7e5bd8954e709dc20050ceaf5a686dbfc1af8ba0792f4f1b2f7df6e01390af99`
CRC32	`BFD467E4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12d1b20af31427d8_system restore.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\System Restore.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8c59e6995cba5ac35b80bae686f65c81`
SHA1	`ba10e66feab8025146e0155f5649e4ad1f939de9`
SHA256	`12d1b20af31427d83a5452984c9ca512efb1fb89bb7b9e16ecfb048eb6d07055`
CRC32	`AD4767E3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06ea94ab3db30ac1_backup.exe
Filepath	C:\Program Files\Internet Explorer\SIGNUP\backup.exe
Size	40.4KB
Processes	5492 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fe506af2866e4ce53a7b1a6b9f500a76`
SHA1	`52f6cd4758a1aeafd72d71e5636d99f09a2ecde8`
SHA256	`06ea94ab3db30ac1517b6c170662ce14949889c0b1f0d74b15d1ff9ec238644e`
CRC32	`D24E189E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aae58499ffdff550_backup.exe
Filepath	C:\Program Files (x86)\MSBuild\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`06d58f3daeec8c7efa0858773330aaa4`
SHA1	`513e5e22af9c8900e7808b533517500d632da94e`
SHA256	`aae58499ffdff5501d29ee6f742cd567d4bef4a6a2833c5faea944526dea0e9d`
CRC32	`EBA1706D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	091482c9d9c7a8ce_~DFFC0055722DF1E3A4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFC0055722DF1E3A4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e4bca4d90f3dde27a4f912e0600d9a5b`
SHA1	`e11978873027fc32f50a8ee7f5e7b9cae848df14`
SHA256	`091482c9d9c7a8ceea5d4521798badec5d07d5c416aa1725c883009cebfa7099`
CRC32	`AD68103D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12f1d7859e82d420_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\feedback\backup.exe
Size	40.4KB
Processes	3772 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`303289f35a2483f7afc243c62f2bcdb4`
SHA1	`f15b42fac21e0f4d56ca97b6c9fba67386101f4d`
SHA256	`12f1d7859e82d4209f53f2959d21c85b45e056d31adc4c897236345ee9185ac2`
CRC32	`81FC974C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0771bbc511e89a8d_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\qPfNuJcRgGaGiTuK\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`60c84e9a30f01bf341377f0baf8d44c7`
SHA1	`1d7fbd26a837945ba37b51b00bbad8fa6f614a9d`
SHA256	`0771bbc511e89a8d101466169639e6f9a1eb0102c01281d19d9550f32d0b64c9`
CRC32	`C58242A0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eddc17a739628942_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{64361D58-B165-4d20-8F2D-71F9065558BF}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b6192346e86ea68551d8b3a0a6a38fd2`
SHA1	`efcab6d6b1c16786ae9dc99bb14edc4d38485c3e`
SHA256	`eddc17a73962894298ed531d45a407aa4fa238efb1256ad3c32991bd88a0d37a`
CRC32	`AF326252`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b1d3a2ea742f9a8_~DFC9E9BA1CEF91DFA9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC9E9BA1CEF91DFA9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9c559d9430f91af9d6a7a0ab2d193ec7`
SHA1	`bc33e0d2556df04c89e03ce72d4e42e3428eb803`
SHA256	`1b1d3a2ea742f9a8db38921187abecacfcd6a7338d81ca4afdfd8e8f6890f974`
CRC32	`1D36941C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	132bf668dfd7ba3d_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treebuilders\backup.exe
Size	40.4KB
Processes	10264 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f06846982f6838503ab08f492e845033`
SHA1	`8ef3915ebc3e1a98ef79c4dcd43cbaf62b6eea6a`
SHA256	`132bf668dfd7ba3db4b098b73dec984cc174e41f4e021c01ca0c6648106b8278`
CRC32	`8E1764B3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	807ff24fa9b00aee_backup.exe
Filepath	C:\Program Files (x86)\Windows Mail\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1e2f29767ae466aafa5babbba582aaeb`
SHA1	`bc2ec4c9cbb37e544bd3cad9187d80b181c751c8`
SHA256	`807ff24fa9b00aee4af62105e9ca5fca913cb40cce6f9f8b5d63e24f8e5c1ff8`
CRC32	`8FCAD8AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8b760b95a7857427_~DF40D577C99521A437.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF40D577C99521A437.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`980870a57e9401d2e09bf750ea080794`
SHA1	`6e4f6f557b9e90c144ecfc53a8c10649f4e16ae9`
SHA256	`8b760b95a785742771dee67d1f19d5927f6857242049c3fa565829c4d7cf52c3`
CRC32	`EDCA3698`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1e6f6a67daba6349_~DF6FDA4626E7A9A766.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6FDA4626E7A9A766.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0335a4e5b82f4177353c7ab067bdc714`
SHA1	`3c680a67b267230f1062e969d909b94d38c1c8b0`
SHA256	`1e6f6a67daba6349249dfd69cfc6c428f4e4a28285795e65032f9c6f73d8a1ea`
CRC32	`0A9366AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e8a5783a2872f53a_~DF2AB4C271C815CB4E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2AB4C271C815CB4E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`38af7f943f0938089a9774029a206a2a`
SHA1	`232b7c773d7b81d5fbc46fb1a4058bbd5c4ecd95`
SHA256	`e8a5783a2872f53ad08c4abb158bfce9773d2322a5540d7f37a8a422a2669cbe`
CRC32	`BD4F8FAE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ad9925870d31040d_~DFA001E1F829FC829E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA001E1F829FC829E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0c1f77271be19d27d8b882537a267e2f`
SHA1	`a0a7f4265de4ade6e4491a6406e04c02fcfa233a`
SHA256	`ad9925870d31040d81b456a3f42d6c579aed10fefdfc17b8f37b23ca48c2eced`
CRC32	`6AAECF30`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d421a9b91380d54_~DF97F0F5BBC3CDFC44.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF97F0F5BBC3CDFC44.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`dd2dffbde5a14b5b2c540abba982fe9a`
SHA1	`df83f0a16e303c567f7228e412c107989337b391`
SHA256	`4d421a9b91380d542df4907e82fe2e3b1c2af51fc7b496b5d55d6613227b9e53`
CRC32	`DE80929D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3266fc26e3f2b8a6_~DF95DC0F263491CE21.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF95DC0F263491CE21.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3fe3e2cd1c77f5764ef4517ba6a58a89`
SHA1	`bbe1cdc50ae21d743402ca849fd9207f82261a49`
SHA256	`3266fc26e3f2b8a6a1490a8431964d2dd93d71582fa2ede84f868d4fc2cfe0d8`
CRC32	`46DBB439`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	15ebf01b3502a081_~DF1BF3C917B5A6ACA2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1BF3C917B5A6ACA2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6096b2b8bb3a81f65c7958923982efb9`
SHA1	`121fb7d329a947a7107e524b78808690a7a67a55`
SHA256	`15ebf01b3502a0819d2cba373ac26cb7897ff556e8eae118cac385ef661114df`
CRC32	`A362FDC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7dc2cb6e4c50f086_~DFC8A62D949C7A9802.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC8A62D949C7A9802.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`056221db824b22ff11943670ca672342`
SHA1	`857da8df1cfd651f2617bc6e4cc045ac3d2d2d1f`
SHA256	`7dc2cb6e4c50f08692ff42d04c05dc0b30a33b9d3af9bbda97fd036a405f4f2c`
CRC32	`983B4B33`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	09afada530b9a54d_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{4A963C26-88BC-4996-934F-EB1402DD18B6}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`19f9068de0576469b8cb8249c71f4f8c`
SHA1	`ed5e2b96523668eb85db1a22c59bfb741e8a6a1a`
SHA256	`09afada530b9a54da61a2d0dd06446c99b0216b715ec74b8338e2f80ef5a9930`
CRC32	`363B33E8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	24f3f821dcdedcef_backup.exe
Filepath	C:\Windows\AppPatch\en-US\backup.exe
Size	40.4KB
Processes	10164 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`37dfd951b5ff13bc4db6759e307f9154`
SHA1	`a25e7b21099cf4f1fc021cd16cd2b7e13fa820a4`
SHA256	`24f3f821dcdedcefe8a6f02980efa25273a2e8384e4d0f4e0e7c12e0db99ce5d`
CRC32	`ED3612AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	907d85ee93471e74_~DFD148019F3AE11A21.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD148019F3AE11A21.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4fc58c8c55a4e040e86a2f1cb7efb1e6`
SHA1	`23479e7fb4bac6e09fef1eb2c0bbb0b60160a6fc`
SHA256	`907d85ee93471e74239849a709ff5ea34c907a2aaf0f0461766d1958b628d73a`
CRC32	`3E10AE59`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2569aee5aa9ca21e_backup.exe
Filepath	C:\Python27\Lib\site-packages\setuptools\command\backup.exe
Size	40.4KB
Processes	12976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`18fbec302f7609617dd31d6a2c52fe94`
SHA1	`c4f3076e65aa61b31c3ad47420e98c88564cc667`
SHA256	`2569aee5aa9ca21e9fa0a6ee997d7b629a5ad3b8f0ec6242267c3889a7e6df7a`
CRC32	`F976D06D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	04a06df95ed071fe_~DF6A771D159C693FB2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6A771D159C693FB2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c2df8cc006da4419f799d125b6eb78b3`
SHA1	`300615a18f5827f0a60408888b4e1dfdd3a7c95f`
SHA256	`04a06df95ed071fe55fce672b7f7fb86a982c3234e8a8c1766d3d6b16da81bc6`
CRC32	`2DD07988`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d6585dc88f646cc7_~DF9EB9F79BAD59E48C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9EB9F79BAD59E48C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d6ca0a5a3ed22a04bb18d2d3f07f85d0`
SHA1	`d16e395545921fb7c8ee0d93448cb7f5bb378a51`
SHA256	`d6585dc88f646cc76cf4f84f85c3cdabd645d01080689d8e591861da91f59434`
CRC32	`25FB2512`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	69509b477311bc28_~DFF645C6BDF80D073C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF645C6BDF80D073C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`23888367d2ffa8fb893d8cd8e77dd235`
SHA1	`bbe3af6089fb3cc0a825503246cec4315f03782c`
SHA256	`69509b477311bc28625474796b74666d842712fbdf94a24cec9fede68e6b3fb8`
CRC32	`1F0B1B62`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3596276158dd2697_~DF7F0B4E84F09A1F88.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7F0B4E84F09A1F88.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d9c8385d4234417b5ccc5b93a1de95b`
SHA1	`150e4092716b77a20d438de3412904675dbb48ca`
SHA256	`3596276158dd2697a84dd856aecc07d3e287dc5c15de20032127c2907ac2b9ab`
CRC32	`A5FE43A3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1a8acd00bd01284d_update.exe
Filepath	C:\Program Files (x86)\Common Files\System\zh-CN\update.exe
Size	40.4KB
Processes	6768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ef2b042d479227c19bf6a49b3c8e12b4`
SHA1	`a43ff2b4fe55da16728f3678bddbd7910c28705e`
SHA256	`1a8acd00bd01284d153a8a4106d5dc87e6c62882fa7cb4b45a6add68397a6a62`
CRC32	`5F81BF54`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3cc00abb89a0df81_backup.exe
Filepath	C:\Python27\Lib\site-packages\pkg_resources\extern\backup.exe
Size	40.4KB
Processes	12056 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f06dc8ced7365519036d7babd58bf8e4`
SHA1	`b1d5d72307c8c757d28274f6a9a2e2eea4a44c2c`
SHA256	`3cc00abb89a0df8118f05ade23108af01d17aa7018d9c46367d69a449725d61a`
CRC32	`61BDEBE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b462ee16b5f66f_~DFB3F35A7DEBA38458.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB3F35A7DEBA38458.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c39b69e038bd43be98face96dde27f16`
SHA1	`d504f786ebf1e1b65c728f793f4609ce5fe4f066`
SHA256	`d8b462ee16b5f66f4d5a89864a42b18592be94e701e7b1efbd98fc1c606170f2`
CRC32	`1B51FB69`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ba786cdcb6a643e2_~DFA7C54A013A80A990.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA7C54A013A80A990.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`78539023a6520ff07b6a0e9b7e96e3b7`
SHA1	`4dd7c4e49e2eb785c509aed3b39f48faa164d004`
SHA256	`ba786cdcb6a643e20702717acebbd70eaf1a246f40d8d2ac7371567263e2ff1e`
CRC32	`808F4C08`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1526ce3aff3e259b_~DF7BE006E59B710153.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7BE006E59B710153.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4806f2639e26f490c46bf3da2ff5e1d1`
SHA1	`47e4d70a4ad1464208af8decaaf31a8caa573008`
SHA256	`1526ce3aff3e259b3b35d13b46d9654c17aa241d3fb6ea90dd87ad48dbfbd7e1`
CRC32	`BD76BA6D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5e8087ff0b573c9_~DFE59093B2CBB266DD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE59093B2CBB266DD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`97b5bb8fd8857545e9389ca40a212eda`
SHA1	`511f188d2e4ca1161e1f220f434e66bd672e2938`
SHA256	`e5e8087ff0b573c94bb9c70cd3e00a40ffc41f6b18791ed503363f721cc3afc0`
CRC32	`9E7B6491`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c6cf355d5ce54a9c_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4a356b2e0ee755a6a6d56350d771c54a`
SHA1	`3199fe6fbee9818d576e6864c80bb87cd9f2b870`
SHA256	`c6cf355d5ce54a9c7951d617b13365f8ef2929df6f84f5f0a9d92b26cc542549`
CRC32	`204F6A16`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	439e88b052335b41_data.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{3F1CD59C-5BA3-45ab-9381-3F5315427EA3}\data.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ea57c92cc4070f3e9cbcd29a37902137`
SHA1	`7555f847d7a38aaee2ab143780cdbbf7db7651ed`
SHA256	`439e88b052335b41a39093281c4b89d1e854dc70189a650ca1e61dbb26e78181`
CRC32	`A85FA64B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	93b424ac09cfbeae_backup.exe
Filepath	C:\Python27\Tools\pynche\X\backup.exe
Size	40.4KB
Processes	11020 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c3f3b268016756ff8fc0f31b63dea1a2`
SHA1	`97f042ba40da1de8498583020e6c5f3d304ec91e`
SHA256	`93b424ac09cfbeae9b9739dba1c468e0d6f5c40d286c5e45360fc7cc87f9bcd2`
CRC32	`1E1AADE9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3e315bb2003c6ad8_0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.dat
Filepath	C:\Users\Administrator\AppData\Local\Temp\0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.dat
Size	1001.0B
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	data
MD5	`3a94f5d994adcbae6618c07ce396dacb`
SHA1	`0bff39edf0fd7697c117d455abb15fbe70d1f64d`
SHA256	`3e315bb2003c6ad8a3e9b4d265829ff6479e2ccf0762705e5b0f7a98cb6ea4b0`
CRC32	`5D88DF62`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	219694933d8a1e28_~DFDDADA9ADED32E476.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDDADA9ADED32E476.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`57d423cf0e21d3ea60d15fb7f312c1ee`
SHA1	`700d2b1ad9b92efbcf9f98dbfae7e92fdde4ef3a`
SHA256	`219694933d8a1e28ed85412894d857d8cb61c3a1cfd046faf6860f863c7951f0`
CRC32	`2D4F6E9E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e9f649d0c15d2a23_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\backup.exe
Size	40.4KB
Processes	9148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d36791fed45b8a55c51a44ef718985ac`
SHA1	`a4a5b838538f1e0d6742773edf97de8fe136325a`
SHA256	`e9f649d0c15d2a23413039af221e16e4f1c24c9fa5579020d04c0c20646f6240`
CRC32	`2137A0AE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cb28694bd51de416_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\zVaGpLdBcPxTtUtX\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f7e76ff596cfcc181ee23f192fdc2b09`
SHA1	`4113e927f7045d78796072fceef3b26c48bd573f`
SHA256	`cb28694bd51de4163210cf935d905fe0ebb66a0c3d89a6bb99c7e7d4abbecb9c`
CRC32	`A6842E79`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	efaf299f3c8dca88_~DF2F2173B2AA60949C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2F2173B2AA60949C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cbf7feeb9d852b184bf68ff8fdbaf0ad`
SHA1	`0ba418a5eed9f3810cfdfdba30e543dd2bce4742`
SHA256	`efaf299f3c8dca8879ab57f1a52182184e53603105a363b003bc649e1df86073`
CRC32	`3EEB6A5F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5bd67a466f0a9d26_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\iJlYzEpRcCcQgVbQ\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`df165ed42571240197b41aeb82459a2f`
SHA1	`c09d22307962be8d13f2b6d81fd7a18679b4cbb2`
SHA256	`5bd67a466f0a9d2660a69114cbfda8a73978ee777578fef5ec2c8d150e6a5338`
CRC32	`0A38D739`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccc2868e0bb158ae_~DF4AF07318F52B347C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4AF07318F52B347C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f008a0288386ed128b0aa3a6a0354a0f`
SHA1	`5608ea6569bb040d374b42ee50726ec5bd9ac6cb`
SHA256	`ccc2868e0bb158aeffa44871cd2d7a54c1cef368b1446d536294ae24824683fb`
CRC32	`E437E90C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6359af8557e4d091_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{E3718C7E-DD72-4ca7-BA47-4A7230AD86CC}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`47dc0f46b5ca3e32c95e7b19853035fc`
SHA1	`ef75a12811f302982cbe37b3332d0d7271e60ced`
SHA256	`6359af8557e4d091d36ba143b6bd75d64b1500a6ab31a1aa3d9ff9dc54e8a47a`
CRC32	`67E533D2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9e13632d335697ab_~DF99B9F2EAFE1E8F3F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF99B9F2EAFE1E8F3F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`68408f6a3ce65395ba8808dc59eba803`
SHA1	`004680dd447cdaae6909b9a6deb394708d0a9453`
SHA256	`9e13632d335697ab80b9408dcc444c5607c64448aefeec6859e7d55c1a774568`
CRC32	`FD89B617`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	affee0338b26a83b_~DFE7D5C05509ED79C6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE7D5C05509ED79C6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c4954d326923795c8e69b68d7bdc99b5`
SHA1	`875281f1a6ced79a6f142552dd7707a2eacef353`
SHA256	`affee0338b26a83bad7bd94973ee6020628545205404efcd0cdcc60781b99ba4`
CRC32	`ADE32643`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d84543a160f09e8_~DF826F8BF546396FEB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF826F8BF546396FEB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ce9793d8fc56049b3c60a1ce6351d609`
SHA1	`db673c061169c8be207507b2356b0ab2b1567644`
SHA256	`0d84543a160f09e820a5e670a677ef50a67b461bf84348ec54f8b260974ac7d9`
CRC32	`85F6FDA0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aa500aea3e70f1b5_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_internal\utils\backup.exe
Size	40.4KB
Processes	8812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`023e540117e224206b4f7d46071f180e`
SHA1	`385659d9aa43034b15858df7c64f6c9cdaec848b`
SHA256	`aa500aea3e70f1b567a42b7a55e6d533ae02704d44298498a183ae5d7e3ba617`
CRC32	`44405D95`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bc90678838d231d1_~DF59D89D2650FF106D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF59D89D2650FF106D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7c453179bcc3f527fa7293ec19537978`
SHA1	`171be7849c2b2a466d05d38b0c3b789c2411c265`
SHA256	`bc90678838d231d1590edf4616c14ded35a52ba6617dae64cfc8da59833ec30e`
CRC32	`327F3337`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a96496e792a8add7_~DF05A2719274A08332.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF05A2719274A08332.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9615339097cd75d7eebc51c33df3d773`
SHA1	`0245bdd4c5e2296a4d7b509ef168c82eb59f218c`
SHA256	`a96496e792a8add7a54d1c1544967d2ab5e8e4102f7f575e543295d66b3af013`
CRC32	`5194671A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3e67c729a026eb10_system restore.exe
Filepath	C:\exsrjwtsit\System Restore.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7d0fbdec0193e4367c33f28a0a22db98`
SHA1	`d29d87905d1bccbd691b23bdb482771343c2abe5`
SHA256	`3e67c729a026eb10d0f5f3b0689cc042e0c0253523d05ce4d30caedf8bce05f0`
CRC32	`E17DB246`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	85e939edfce15a80_update.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\update.exe
Size	40.4KB
Processes	12620 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fb5dd6eb2179e9a48c3632de97423124`
SHA1	`c2dc1e40ef5a15396c4c7ec73a233efffef0fb51`
SHA256	`85e939edfce15a8098a1861007628bbe16757fc64671096afe4afc86d100d37e`
CRC32	`4FB6AE46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1fff340a7419503b_~DF199BC987D7339389.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF199BC987D7339389.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`84f68c07d2da3e3b523217d23b02cb22`
SHA1	`6c05f158cdf2bc3919dfc787d293857946b0fea8`
SHA256	`1fff340a7419503ba5fb8751591d9911151501f9a1343cbdd3f944380e4f71bc`
CRC32	`9343632E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c43449c05f984c80_~DFD45CB1783F871FBC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD45CB1783F871FBC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`51fe67208332048bc6d905a442012e58`
SHA1	`d983ed0a36547ce09c63405d8622885a9e11de9d`
SHA256	`c43449c05f984c808480b2ab7f302e13527d9daef1d83af257d72ecf1a95836f`
CRC32	`C8F5D025`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c5f96bd1473949c_~DF43968FCBE6A05894.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF43968FCBE6A05894.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`db601da2b816c99a82e065e92e62eef4`
SHA1	`3be2a0257b59e697f8bba542900a24e0534a9a9e`
SHA256	`4c5f96bd1473949c100abe565aa21ab7338bf026a32fde38941795eac9074f4e`
CRC32	`5A9DBE68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	64b9d43a50e63aad_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\caches\backup.exe
Size	40.4KB
Processes	9444 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ca04a2fae4ef8e1ec24eda20708b726e`
SHA1	`7585686442907413b1224d07d0187bdc09aeccc2`
SHA256	`64b9d43a50e63aad99783024bcc9f44d47a698ffa236e799b53a66a34c688211`
CRC32	`03E0052A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e1404ae4b9c00bc4_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe
Size	40.4KB
Processes	3976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`bdd13816504a62fb5090637af638c204`
SHA1	`a9b43a0f025813cdecec4cff1cf21516d67b2062`
SHA256	`e1404ae4b9c00bc45851044be4e464f83983eb4f1954c871bf48893a158b67dd`
CRC32	`60DC6A07`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7d441050602bfd0f_backup.exe
Filepath	C:\Python27\Lib\test\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`251cf894b16f95718f43e5c71a04787f`
SHA1	`ac84ed7765e15629ba9eb8174ab6b9fd5fff3b92`
SHA256	`7d441050602bfd0fa210387153a43fb4a8fd405c07ac8db28dc38387a7e87e12`
CRC32	`8974149F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	407ce4ee06ac3430_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fc7e312da011b5c192a036df88c3ed61`
SHA1	`91a8cc36627e8a9bbfcafbef81d2c9a71e54ace6`
SHA256	`407ce4ee06ac343058d677933abbba38766eeff8ee40357cd6e52abdc9cfdd48`
CRC32	`61C4B981`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62b35df79fd180e8_0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.zip
Filepath	C:\Users\Administrator\AppData\Local\Temp\0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.zip
Size	29.6KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	data
MD5	`ceeaccf6783734efc5b92c7c17bc0f32`
SHA1	`a0ce70d4b026fd2f4a6fa8cb9be999f803fc3d43`
SHA256	`62b35df79fd180e8579a939a162aa09ff6939c60237ba2870de3ea8fd2aa5bf8`
CRC32	`C7E78C0C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	77b19e32b4813e96_backup.exe
Filepath	C:\Python27\Lib\lib-tk\test\test_ttk\backup.exe
Size	40.4KB
Processes	6544 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a372168a94203740aa82df557bcde45c`
SHA1	`c1228dbcc138d980d318203c8d46a743d1a95e0c`
SHA256	`77b19e32b4813e96b04e9493d97bc00fbcabac410b0d43dc874757b3f18fc4dd`
CRC32	`02311991`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8a93a371520c90ca_~DFDF64CC13AC72F910.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDF64CC13AC72F910.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2240fe0f5f6691c2ecf0dcc0a754ab9b`
SHA1	`e8a7c0db089f7f2fdb5b7197dbf2f8ec88b9694e`
SHA256	`8a93a371520c90ca9a42ca0a03124093b5cadbd0a6ad4cfa3f1980f650d70657`
CRC32	`12EE4654`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	518761302d6acccd_~DF7E81D51FC2E45213.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7E81D51FC2E45213.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fd4455ba00386799d5057d1fb5f4c2db`
SHA1	`746908faa10aca72f86d0d7fca37b3d83f11a0b6`
SHA256	`518761302d6acccdf3abe4707d0e947ef22b65e6728f0ca852517ae16aeca716`
CRC32	`3B543BEB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab3e0290b252e800_~DFF3CA19A9EAA9012F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF3CA19A9EAA9012F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ac414b86b558d002c53b6266cc2b0c3c`
SHA1	`81c88a40d5ea45182b72c06c00fb910976219298`
SHA256	`ab3e0290b252e8000d44dce050b87e794d5e5e544ce71c8499cfab7dbfc151a6`
CRC32	`BBA3662B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a009cbca6d896db_backup.exe
Filepath	C:\backup.exe
Size	40.4KB
Processes	920 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ce4414f1bfa3462aea9fea6e211a8152`
SHA1	`cb80c9a4ade7aa68214852202c9c3739f364a832`
SHA256	`0a009cbca6d896db56481a0e04cd089a46531c6fa2fdd30a4eda2b951642568b`
CRC32	`93ABB2E8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bedeae42ddef5b9b_~DF5E3E07277AE07703.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5E3E07277AE07703.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`35da636d2bf8fb04a7dce3d429e3fab4`
SHA1	`d2ed356adaf925d6da4355e45075f7032dfbc17c`
SHA256	`bedeae42ddef5b9b0fc909eefd52267cf31a935707ddbd7ff2021eb1d538b174`
CRC32	`2AE48BE9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b0efa7be74d317c7_~DFFF7FB41FB4FABB9D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFF7FB41FB4FABB9D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`25df9c15c330a808ebeb39bb13025ee6`
SHA1	`e2695aa8cefe0b63016019355293a05999867a54`
SHA256	`b0efa7be74d317c783444ac4dd0f375c554d48eb976c19750ac6542fe25a990a`
CRC32	`A5E4D517`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f8ec27878657e25_~DF2FBE17C1BD937BD9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2FBE17C1BD937BD9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1fa05af5db4780a8cfdd1dddc8d1e1d8`
SHA1	`a6be8d7502c8d41c75f2d80156020b9298923e65`
SHA256	`2f8ec27878657e25b316bc67059987714f9da5b38d03adc0710049f34ef7c90b`
CRC32	`933C7640`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9961594c1f9cc00a_~DF8EC4DB91E6923DE4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8EC4DB91E6923DE4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32e65b24f1d27b9e856e18bd8255cbdb`
SHA1	`b67c0e9bea10eed30a6b20d83c0bc0cc8d3ca1a7`
SHA256	`9961594c1f9cc00a2e976ecc7d80690b612d13ad9733a5053ea4b52c88444929`
CRC32	`9157CAD1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	24422ba28b4c358b_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\VC\backup.exe
Size	40.4KB
Processes	6016 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4afe91b9465d9614729964a093ba2041`
SHA1	`f874b72e3ee7d59ec65b5c6f52cdd9266f804d72`
SHA256	`24422ba28b4c358ba4ee5f724dfb80cc7f791b4d6f66c6976d28cbde17757e9e`
CRC32	`BC408584`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd82d6fec3530836_~DF73C72AEEDFF43E3D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF73C72AEEDFF43E3D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f00eac039241f4fa7d2720ae2f9c04dd`
SHA1	`ee5066459e4d19bafbf5222a8c929f246912282e`
SHA256	`bd82d6fec3530836757c477e9eccfe38919855350046d70823a19d14f0d50472`
CRC32	`D767D3FB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b5c8711efc18c86f_~DF63B420EBC5C81F56.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF63B420EBC5C81F56.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`692ed0c9eb1d663a420ff42dc349e091`
SHA1	`58407dea7c0ded3529184ea9e8cb3d427fa29811`
SHA256	`b5c8711efc18c86f8e0b1e1c10442b1b1ab85afa0ea2af10f7cf1e39127f34cd`
CRC32	`92220BD6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fdef1592f0f8bd84_~DF71DB3858E9E094E0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF71DB3858E9E094E0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fffeab73ecd3dd09389576fd6955da9b`
SHA1	`2222a190cfe1375c3b7af616c18b907bee6ce61a`
SHA256	`fdef1592f0f8bd84a3d0a7a504c6a432a6bba71eff2e4ddf3a274603b5d5220c`
CRC32	`92D4A42B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29290f8185290099_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\oVfHsWqRuWpHrVaC\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b3b40c16e1767329c50c95a131f1dbea`
SHA1	`3fc8e8f09bef7763e51989facf4fdb41ee3e9c87`
SHA256	`29290f8185290099af5db97737d70b29f68f8a38ec173294317e6b58c1f41274`
CRC32	`5C8B131A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0283864f1967e5bf_backup.exe
Filepath	C:\Python27\Lib\json\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`aa97cfcad209a3d96d92d45b7a193aae`
SHA1	`c2a5e64420f1129ff8e6768715d7b383429fe636`
SHA256	`0283864f1967e5bf5fb6393db6159fb6823d8533b551ec3aa2740732f25bcceb`
CRC32	`E3C4346D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	81052149d14e33d6_backup.exe
Filepath	C:\Program Files\Windows Journal\zh-CN\backup.exe
Size	40.4KB
Processes	6992 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`10d06026f6fe47cad1c2094db5170973`
SHA1	`00bf133a2e570a8eecec44b507e22820b7ce746b`
SHA256	`81052149d14e33d6022eb4c9ed9c0c9063ec37f68029c7ee3ea4d6eedfaa90ae`
CRC32	`8E63F1B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aaaaf446809df289_data.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Africa\data.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4ce77a8fba3f9b12d976581749636e89`
SHA1	`7e071f783e0eeedbc032cd9a92b67f94c56f8117`
SHA256	`aaaaf446809df2890cbeef1095981656496bba2770d63a84c8f50b20894534ec`
CRC32	`7A99AF92`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8cb4a6c4b41dad38_~DFA84808FC9BBC6FD5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA84808FC9BBC6FD5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`88b73966af90836e23cf122f451f8c47`
SHA1	`7ef7ffc49d688d7c72e3fa7cbb33da9ad8eb8b93`
SHA256	`8cb4a6c4b41dad38198c311d6a2e6efdbd854c9bfc6542244f940bdcbf182fc4`
CRC32	`C2694A1E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3f5444088b71e4e9_backup.exe
Filepath	C:\Program Files\Common Files\System\backup.exe
Size	40.4KB
Processes	816 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a21b80911db7af622b1adb821cae1f24`
SHA1	`7845c0150b59156c058a611a46dd1ffdcb53192e`
SHA256	`3f5444088b71e4e962d3237b144c0b9ec761b67c6577bec0aab216f1f047c785`
CRC32	`ACC8D1C5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c37c454fc4ece2a5_~DF867A8EA145585461.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF867A8EA145585461.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`28831856b4748d09d501720bdf68b011`
SHA1	`cd165861d4c465ad35613816521ae70bbf9e6d80`
SHA256	`c37c454fc4ece2a5aeea441c419ecfd180adaefc13d35ddba4e4af45da714aee`
CRC32	`3D1E2D27`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4acb26692ca9d14b_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f4f84b8cf1b74d98e827acfbfc86997`
SHA1	`c9c31e4cc425f254c5a7b99301ec3d197342174e`
SHA256	`4acb26692ca9d14b6b1443d2e8c33cccacc99c4170be3575fb3db2ebbd40933a`
CRC32	`8FA07D93`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5b834746d5550c6_~DF527462F6FF520EAD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF527462F6FF520EAD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d8a91e5f2454090f3be5e7449178082`
SHA1	`79cc38ac3a4f4adac66218fd301c86032152c130`
SHA256	`e5b834746d5550c66ddb226c9c5dfd6f4b67119adae4a0b4544ed1d7aab83175`
CRC32	`DD7CCAA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e4fa51c08b4c1cd5_~DF82F866B775F1241C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF82F866B775F1241C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c33d54bd6891683fc15fec73a305386f`
SHA1	`a4ca73b6f7b32ac21efca4cf1abcd260626e4a69`
SHA256	`e4fa51c08b4c1cd51335d1eb88afe813532b7042d9240049d0dd9bc483357305`
CRC32	`9A2DC83D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cc2c998e9c18ba09_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\oJzTySoPvVbPmVoH\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b24eb4ef0d3d2892201087e682401cc2`
SHA1	`bb52f155a2ea803c6df6d2a61e129b5bb7031113`
SHA256	`cc2c998e9c18ba090f5ff098be08440bf78b9e71287eb32a4bdafcafccad2fa2`
CRC32	`2B8C238C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ea1c8895a9e5ce92_~DF70F9463623A9B099.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF70F9463623A9B099.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ec7c35d14deab04805e7021e67117010`
SHA1	`1446cb586b454441426a990b9a1cfde7eaea41f7`
SHA256	`ea1c8895a9e5ce92c6252263acef6aef68d429153aae771c77557ff0685e9a4a`
CRC32	`74E2454E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c707cf25a04313ba_update.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\update.exe
Size	40.4KB
Processes	6420 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6ad1963b8a2d0a16b5b83174a410cbe4`
SHA1	`8d43aa5035ccb8e190e5781e1fbdbf415512f5d5`
SHA256	`c707cf25a04313ba72bf9b8b3ebcd59f582b0b2c99dc9a5b3cbee32ca7df50f7`
CRC32	`19BA02DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c76b580b1640589_data.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\MSInfo\data.exe
Size	40.4KB
Processes	2980 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1f26e8e61997561bb066557df019d390`
SHA1	`c381686f0a2771189b7070db90d1fe28c4652325`
SHA256	`8c76b580b164058992162c85a8e9019708351eb88fac98a8a0bbcbac5ffd2060`
CRC32	`A3267F5A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1526ce3aff3e259b_~DFABF7393A0236341A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFABF7393A0236341A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4806f2639e26f490c46bf3da2ff5e1d1`
SHA1	`47e4d70a4ad1464208af8decaaf31a8caa573008`
SHA256	`1526ce3aff3e259b3b35d13b46d9654c17aa241d3fb6ea90dd87ad48dbfbd7e1`
CRC32	`BD76BA6D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2570621b90ef77c_~DFE6537A8FB024440B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE6537A8FB024440B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f348aff846f34ec4bbc69817f4532be7`
SHA1	`8e4eb6b7bec8e6415798532b3610bb97019c66db`
SHA256	`a2570621b90ef77cc5e50b300bf9eb73077d62a5d9ca0409087635a69244fc63`
CRC32	`4758224E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	91ac032fb6cda687_~DFB368911402D16DED.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB368911402D16DED.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9c5cc71eff004cffcfa25345193c93a3`
SHA1	`f39fdaac52911ca8d36b7588fb14141c7931516a`
SHA256	`91ac032fb6cda68708766e344ee6792349f87f5366abe1339a802af93a55288e`
CRC32	`9DA0208C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	04ea25b4d460f4d2_~DF87838CD81BFBC1C8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF87838CD81BFBC1C8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`013d456450980052d8659e0453b795d2`
SHA1	`214e617b1e142f11cf77712a98aab6e1baed3b82`
SHA256	`04ea25b4d460f4d2c4ad21d1fc44102157b0811b570718cd78ad5379469f9a65`
CRC32	`2B8A121B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	659594d1a256a6a4_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\backup.exe
Size	40.4KB
Processes	8040 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e77cdc13071e068a7527f29cae0cbf09`
SHA1	`0e823f71b2f0a40e445c606cb1e48b9652b2c231`
SHA256	`659594d1a256a6a44dbd3d75ecdba1354284c333a504d8b379af343885f6980b`
CRC32	`21F6C1D9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e1f95a561dbb6315_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\idna\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`103b92a2b21a70ba9d87e26c856b651c`
SHA1	`8bf1a5f2cea54d5fb3d302594e62a04999425385`
SHA256	`e1f95a561dbb6315839d949557a22408aa7457601111023fdd422eeafb008de0`
CRC32	`25008F15`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	57803ec3a9eb0753_~DF216EE5A84DB052FF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF216EE5A84DB052FF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8aab42b7dc3123a79bc898b9e9cde333`
SHA1	`fd77afaa4330e9112c893b9156b4b6911f8c6ccc`
SHA256	`57803ec3a9eb07537f29d9bb3aca42d29790f38fa1e3774854d0935d3746f5ba`
CRC32	`B690F9A1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	95fb4b0b9f7b727d_backup.exe
Filepath	C:\Users\Administrator\Saved Games\backup.exe
Size	40.4KB
Processes	7340 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`50895eefa646fa15af512a5b79851a4e`
SHA1	`dcc495d9146ce6783e092ced9454831f53e3202c`
SHA256	`95fb4b0b9f7b727db92993c9a9991c93c4b6c246958e5f736ed1d6835564be0d`
CRC32	`6BBB1FEE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dcf7b42e9b5f4098_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe
Size	40.4KB
Processes	6016 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8f65af8f003cd615333381c54e0a0a31`
SHA1	`a9c22d52938b7875454c5a799d7f44addcc8d31b`
SHA256	`dcf7b42e9b5f4098f2656ca0e51df3b690bf3353ae6fa090f32d6370b96de696`
CRC32	`2549D43E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1d406f999258bfae_~DF77449900CCE63F3B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF77449900CCE63F3B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e4e326380b26c8179760823e6d05b146`
SHA1	`022b5528a430e4848d06680fb59b6d61aba42970`
SHA256	`1d406f999258bfae97fac8d6d29c91ed15b92e26a260578e77bda8b8defdb69b`
CRC32	`F72315EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	34d4e3c50feaa1ff_~DF24F7630EC4B0C808.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF24F7630EC4B0C808.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`828449b5adf76b70f5a4024ac849e821`
SHA1	`e698ce071330e207580e4444c77d31d96324acb2`
SHA256	`34d4e3c50feaa1ffb56b25011b7fa2d6d1e144fac82c71140bce950d1efa5872`
CRC32	`CFD8D34D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	24ed718798b8f0e1_~DF95383995E4EE864F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF95383995E4EE864F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`eae39bb9cd54b141a015111bae1f93f5`
SHA1	`97d8aa6265274196dddc6fe8be24445b05afb927`
SHA256	`24ed718798b8f0e160992b67796c21b0f54548dba80e011350cd911fa9871033`
CRC32	`DBB3FCD7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62afad38373e395e_~DFBAD07F0A011B45D4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBAD07F0A011B45D4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c93912b514c434e3162a27d45132cc4a`
SHA1	`75615c264d5a42e23e3b46571b18c97b1e3c98c2`
SHA256	`62afad38373e395e38314eab7969e6f48e5108c6cfd2c6dff82b72c34fe1b8b4`
CRC32	`75C9E0FF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	215ca6abe7b0d5fa_backup.exe
Filepath	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe
Size	40.4KB
Processes	7152 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ae71e0d7fa21df9957fea4024a9e7470`
SHA1	`4de187c33691afdb07cd16eb526a3d54f31af715`
SHA256	`215ca6abe7b0d5fa41fdd2448bef6fd0839b84b2fa619393397aa770c9b91cf7`
CRC32	`70D2713C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	99a6a69c9ea9b274_backup.exe
Filepath	C:\Python27\Lib\curses\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`84f8df33a2bdaeb2cd90aec42a9bcb57`
SHA1	`c78bc237b429e4212045e482e2151674a2f5224b`
SHA256	`99a6a69c9ea9b27439dfe48483be8c94a29324b87f409f16dd9924d67b557c77`
CRC32	`25C8EDDF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dced1e2dece1bbe1_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\backup.exe
Size	40.4KB
Processes	8884 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8b7a28db591ea111ae5f9730f4004a8e`
SHA1	`9162f2d71685ab95be6704bee415375af0b7fea2`
SHA256	`dced1e2dece1bbe16e2d0cc40b21d76b16181c2ca6612ca6a4e848c6ce29e3ea`
CRC32	`B07D62EE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a24e85c4d520dfec_~DFC0BCD2DE319236F7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC0BCD2DE319236F7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`55c156746edf6794f13be0a3449c2587`
SHA1	`2893d4f4908dadcb4732ed05877497f436e9d71e`
SHA256	`a24e85c4d520dfecf08c13f02dfa4d3705020406854a43d70a8584a7c4204144`
CRC32	`F14E2A3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ffb3c6d777f0b302_~DF734DB361936FC748.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF734DB361936FC748.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8fcdadcc5cbed097e1cfc23cd7e0eeb1`
SHA1	`d7cb935395f1cdbccf948f2c310015fcb29bbc76`
SHA256	`ffb3c6d777f0b302940536cc7ecb9f205b4839ac75f21dcd7612a3218661335c`
CRC32	`5F02282D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4255e3eeb79c4198_~DF1763FB5B071178E2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1763FB5B071178E2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5b449a126ba54fdc0748cfaa4ecc931a`
SHA1	`5da956c1f798054c21c18fd492d8d8d1eb21cbd2`
SHA256	`4255e3eeb79c41987757b783a3e1634da42acac458baaa742a34ca37e3650876`
CRC32	`8B96ADB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	402d7e277e276af9_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\newui\backup.exe
Size	40.4KB
Processes	4608 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`644af17fd57344f968eaefd8240bc084`
SHA1	`866e8eeb81adf345438ce76b897ee8a54515bf72`
SHA256	`402d7e277e276af90573bcde307efb745733b638711bd94e9eb49c615b640bb5`
CRC32	`1C0E2AD7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	97f296e481c449ed_backup.exe
Filepath	C:\Python27\Lib\site-packages\pkg_resources\_vendor\packaging\backup.exe
Size	40.4KB
Processes	12152 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`44733a8e54568dd471ae887e80012492`
SHA1	`904819c2f2daeb621c30050b69a6edae474909e4`
SHA256	`97f296e481c449ede73ba83dba86f66974f128047218825032bc46118daa5495`
CRC32	`33670514`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49b33b331b0e0b1e_~DFE26FA517211D8F4C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE26FA517211D8F4C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a47536867726cd8cbfc7cbcebcf28d71`
SHA1	`e00a54dc620f5d745f37fd278c8d39bcab047082`
SHA256	`49b33b331b0e0b1eecdb20eab0ab24b951b608f3baa3a2a6d4df568318f91f3e`
CRC32	`0E4F3B22`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6ec3e782f31171ea_backup.exe
Filepath	C:\Users\Public\Documents\backup.exe
Size	40.4KB
Processes	9924 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9ea061895175ef47fe02a442bf0f89e7`
SHA1	`694fe3057ec18632fa28affee898a84adb8f2589`
SHA256	`6ec3e782f31171eac9b7bae55d27d18833495138af181608b362997f0fafcc99`
CRC32	`EE6B8148`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb68b2cc9e0044f3_~DF314BCC8634AECF34.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF314BCC8634AECF34.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`62ed0659bc1969885512db2b71a4a9a8`
SHA1	`bafa1fb38c9a1252597e050f9030ce4a81d47c47`
SHA256	`bb68b2cc9e0044f3c9f970aed801ce8b4af04a6a15f09d87be7ca8d627a69e38`
CRC32	`2FB20F66`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c87d5907b958a8da_~DFC013830A49007157.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC013830A49007157.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f572cac02337f616e9bb2ef2c8dd7bc9`
SHA1	`79c0d6a2d8cf7f47a37e03b21fe7f38a59e6c070`
SHA256	`c87d5907b958a8da541df2c1a20cff1e4f2f52d862c42ba88bdee63d8532fd74`
CRC32	`F1836F01`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fb827a91267b464e_~DF63ECD3277CFD9F1A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF63ECD3277CFD9F1A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8ec81abdc98218cd33604a2455e769ac`
SHA1	`46ec4fecc00d5c0e7a6f889f8dc7a58aa5bfc67a`
SHA256	`fb827a91267b464ef0d6c06ce4a31d5af96bb425a32dfea87db94aec22fe5cb2`
CRC32	`BE808CDD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b53176e53f10d968_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Shared Gadgets\backup.exe
Size	40.4KB
Processes	8760 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`717deee2aa6f861784648a4f0b55bfe3`
SHA1	`ec3a37175e1194151a135d2a9da9f938a4d00b0a`
SHA256	`b53176e53f10d968947b0736cbf9c6e2725244fd2bb773b72780c9366990ddfd`
CRC32	`C860A786`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	22471b6583ccdeae_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`66d13eb1cf3aff40bd14182b7654087d`
SHA1	`485d0b574c61b9f8020093408572e2c0681d4470`
SHA256	`22471b6583ccdeae7dd49bc8c8db583232a7f77096446722fa1127b8802bc951`
CRC32	`66C3D8A6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6cac2635eafc5b55_backup.exe
Filepath	C:\Python27\Lib\lib-tk\test\backup.exe
Size	40.4KB
Processes	7440 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5a5ee54c20824f40313d2441825c0a69`
SHA1	`0feec0369a9f37432eabb747b8ca05a428d5b2b1`
SHA256	`6cac2635eafc5b557378f61724fde0b3a68992ecd28414f96ed346408a99c388`
CRC32	`5C12A3D4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	908c47009c668436_~DFD4F7F64639B2ED44.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD4F7F64639B2ED44.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b9c93556fd689b702e6d7252e23b3fa7`
SHA1	`c77da3955dabf987698cffcac69be5ec1377be87`
SHA256	`908c47009c668436528684a124af8ccd36b760e4d3c8d4ae0bc44cfb9fcc3586`
CRC32	`75726C46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1911848f91904232_~DF11963DBD65D35FA4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF11963DBD65D35FA4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fcdda2ff990cbf3286c96155006e208e`
SHA1	`bcbb4bf163d269e4c1644b1eed16b09b29e626e2`
SHA256	`1911848f9190423297d783d263e522ba989fb54313b53171ae80dfb5e7a6ba6a`
CRC32	`0D77B4C9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	127ff91cacf412e9_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\backup.exe
Size	40.4KB
Processes	9168 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5f3a63bdcd7d71ef668c8b071a4c2935`
SHA1	`b0345dd0f9c2a5462107987ed923631ab9502da0`
SHA256	`127ff91cacf412e920df78da615d005f07c351eb53f024a65a32950ecf30d3e8`
CRC32	`882122B9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	69d95b84f7fbea56_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`36347f841ab8eb09c0c0c6ffe7072eb6`
SHA1	`41a08c55a368aadae9827cac2a5bbf68673bf517`
SHA256	`69d95b84f7fbea56bcec88f00860057260a7f7468b7b5de9d48a83aa70b57bd2`
CRC32	`E27D9978`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c0b94dfed7f3e684_backup.exe
Filepath	C:\Program Files (x86)\Internet Explorer\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2987b15371c7ab37113843c841abc4b1`
SHA1	`097574100a7ed25435d4f1a8166a2622763a72bd`
SHA256	`c0b94dfed7f3e684e344b4d5c3d82383690c59a16d87eb52d1c5c4fd77311738`
CRC32	`7C73A9E5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	401b81e77d51f97f_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`94fe7293b5537a6be234aaf80248d1ca`
SHA1	`b0baeb21787208f0b64a22c2a3885a856f9a3c06`
SHA256	`401b81e77d51f97f1af65cf2ac424fd229cf33cb48224be657f77cd81e8e0aeb`
CRC32	`80C9FD22`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4e132f550deaeea0_~DFD8CDC0C3168F7DD7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD8CDC0C3168F7DD7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`707cac662af17b0816c6037a1bb776b9`
SHA1	`b310066ec5a1dab5256a6a14d0ba4c1d4ff736de`
SHA256	`4e132f550deaeea08f9513efca28cbe2dad801e2847d0dd11c90e691111b1f0a`
CRC32	`6A091CD6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	532438a273b6ece2_~DF047F45EC9B79BFA0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF047F45EC9B79BFA0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c063cab582699197c2edd0a53a658c44`
SHA1	`aa2162f321e77391689b2ec14876862d7e3613d1`
SHA256	`532438a273b6ece243bf91ffcf4dce07da1e900e44c4d7efacb997edbc3c2b26`
CRC32	`A765C6EF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12bef18ebe3174b2_~DF29E4AC75B088491C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF29E4AC75B088491C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5e5133e2c9565430e2a5c8c4630dbb91`
SHA1	`6d7668b1cdd3cb7cf7de633406e2fd639cd00d52`
SHA256	`12bef18ebe3174b2586140403d740afff0796bb41d5018928b2b5af7c28b6492`
CRC32	`3EFFC954`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	736452c9a1eb380c_~DF5EF2D3B429EDFA56.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5EF2D3B429EDFA56.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4dc90eab5a6e592c6894fd929f795691`
SHA1	`32004b1edaaed30707c04e4874f20fb8e35e7627`
SHA256	`736452c9a1eb380cc8cb44ee44f1aab836d1f7d917f805323940ea727c9a25ab`
CRC32	`002088C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e8c340dd1a315c6c_backup.exe
Filepath	C:\PerfLogs\Admin\backup.exe
Size	40.4KB
Processes	2116 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b8c76b36e5bfef1eaf1551d89c3740c0`
SHA1	`d405b575f9751c23424fdc57263b5fe7c99f0f30`
SHA256	`e8c340dd1a315c6c546c04c2de9abefcbb4c8afb33d2423d572012edced944bc`
CRC32	`4AD2D2D1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a450accb0bb3a81a_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4ceca2c8b82004aab00f1c2290622760`
SHA1	`b15d7821d7d2b166cdb6ab62502bd9f60a245966`
SHA256	`a450accb0bb3a81abeba066f9f579e9e77e73acb2965755ec8393fb5eb86efbc`
CRC32	`897FB109`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5d5e933364e4246_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\defaults\backup.exe
Size	40.4KB
Processes	8040 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d9ae39f13fea56a568402bc05c0a927e`
SHA1	`d131dfe0c44ae526cbe921925d3f3700fbf6bd65`
SHA256	`d5d5e933364e4246a28a6043edd806641debb0b8c608e9d86e98a9391f1c8ea6`
CRC32	`B8FF9063`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	75637c6d95c6a87f_backup.exe
Filepath	C:\360Downloads\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fc04465787920cd4232b6887177b2130`
SHA1	`974f753ee45720bece9709fbadb72fc9dca60537`
SHA256	`75637c6d95c6a87f559c86c2b83ed08dacd12737e2350fc3d94bd20e8e1951e8`
CRC32	`71C2AFD7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b0cf3d00f642de89_~DFEA9C2578F5D39A1B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEA9C2578F5D39A1B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5a950f80393c285f1063359379cb388d`
SHA1	`ab0800ba2f274f26779150da253fa76bfed97e84`
SHA256	`b0cf3d00f642de89f553ffa3d81075eaf39a98ae415ae6e35f83dd80ee10c48b`
CRC32	`31F81B17`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	040c1ade336dbe38_backup.exe
Filepath	C:\Users\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f74c460127a3f9463abc2caad2d9b88`
SHA1	`742e56e3ccc940fc667660ac1ade07abfa585802`
SHA256	`040c1ade336dbe381910e29ee8cea6305fab7b6f75bd1904fe3b09bb2246f2f1`
CRC32	`6B187BAA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3e8922952c6df375_~DFB4485852177010AC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB4485852177010AC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0af5d86f24b0b00dada937f3d26bab37`
SHA1	`b41bd21b6e8eb3b048d7a267b0d7c6181b32d354`
SHA256	`3e8922952c6df3757e70469c22595695b6b4a3ce868fb178a78a69972770138d`
CRC32	`BEB1AD0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0b700b245c22b6b2_backup.exe
Filepath	C:\Program Files (x86)\Windows Defender\zh-CN\backup.exe
Size	40.4KB
Processes	10748 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c2bf54bb50e2f197b15bfd9eba88b8e3`
SHA1	`054e8f18613984fd406c90d995d14f5be4e01993`
SHA256	`0b700b245c22b6b2296e6b2dc877e52d3df9d817de00926e91ddce8c43b9bc49`
CRC32	`CE0D7F24`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	624899b9046461aa_~DF48251A1C461765C8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF48251A1C461765C8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ab0891c3fb9b2a2ea8eaff37c13cdea9`
SHA1	`db553c06f4e22637aff98866c0d4ace5709841d9`
SHA256	`624899b9046461aa50016cb8b23095b5f095ab588421f05611823981c5326da2`
CRC32	`BC312927`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ee9cce9fe58a681a_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\backup.exe
Size	40.4KB
Processes	5700 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5adfd15d35a5109b49345f5062e7ea10`
SHA1	`f284d7a64f24590185823b54d37cf65c61501a3c`
SHA256	`ee9cce9fe58a681a15976803c99f27397248014c028906fd35a4971d4a84d868`
CRC32	`BA4D455F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20e2059af828afff_~DFAC77CAB34A1BD31F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAC77CAB34A1BD31F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`53de9ed849365462257b17399d114ae4`
SHA1	`a09425b5fcb6c049dcafc780abd57b155db72dd4`
SHA256	`20e2059af828afff2bfc094a771521b95a0085f0bca2314162f7295b45b7af65`
CRC32	`3BC5861D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02648249c4597d4a_~DF87D9FEC968C0F6A5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF87D9FEC968C0F6A5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`56029364a77802d77d542b8f2bf7d476`
SHA1	`56e2f9c60ad0035c16dee71ebdf52a0f24460881`
SHA256	`02648249c4597d4a35549a62871ea7263a33bde58316256dcb7e8923dfd14283`
CRC32	`686BDA38`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c12051b54f39293a_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\msadc\backup.exe
Size	40.4KB
Processes	6768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a2108ef07364ea77edc17d5592255f71`
SHA1	`6b362b3a7ec85354bfc9473bd39ce318c81d5117`
SHA256	`c12051b54f39293abc030b14ee502c18ad0ec84b814e92208b1fc75a71eb87ef`
CRC32	`B6E21A61`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	740336571999956d_~DFFEB9CCC5F468631F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFEB9CCC5F468631F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b76d052ff91796f4a0e6f7c6dbc48b2f`
SHA1	`bfbe8c5ce4f1fe35a87b079c2ab818afc3935680`
SHA256	`740336571999956de6bcac8e0a1a0a2143e2299421b151c9316a86f9342bff46`
CRC32	`9E76D12A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fe1fa9dc1d7c11a1_~DF6E8EA40FDB3D3E6F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6E8EA40FDB3D3E6F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`de7911573a3ceb712a00eaa69162f703`
SHA1	`a8e7bb685ea6004e11b66b3cd5fe47fa7c72410f`
SHA256	`fe1fa9dc1d7c11a1c9e7121ebcaff86c3d1aa0d9e684e6b5e640396de85d2f4d`
CRC32	`10975C74`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d5538d9c3d69b50_~DF90FAF732EA4FCBAC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF90FAF732EA4FCBAC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`54a933fcf9af5a918f3fa019c83b983e`
SHA1	`708eb79a7dcde9c60bd4dc5cd37f28121ca58d1f`
SHA256	`3d5538d9c3d69b50e8325539847defeeaeda02f645fb349540204a6322077dcc`
CRC32	`15C42E0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf5de149abd5fe51_~DFA68FCBDA63598AE8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA68FCBDA63598AE8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`100a7ab6c39ebe391f8d2b4929b16c89`
SHA1	`7fc659f932096395df3afef57b2030c1b313b255`
SHA256	`cf5de149abd5fe51ff33d6fd139aebbc77428c454df060b2bf536667402ab1b4`
CRC32	`2D00B59A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	275fcd9e6fb0efc9_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\netmon\backup.exe
Size	40.4KB
Processes	4972 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`142bcd16c82ccce45713b5101c2bac4c`
SHA1	`7b366bb6c45b50d22627a1749a0595e05feb1696`
SHA256	`275fcd9e6fb0efc90e35983005df10abc1195c971a675e30775775ace80d6f67`
CRC32	`832129BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b51117cc12bfdddf_~DF9060AFB0C56A6147.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9060AFB0C56A6147.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a6f43e3c31a1ad09267cd7a04068762b`
SHA1	`f87c1cf8c7d9f4c290312abc4720163e79422a11`
SHA256	`b51117cc12bfdddfd5bef085d8b40b15979024693a4d256856cad76fcbe18ad9`
CRC32	`58639BEA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fcad05145ae14efd_~DF010842B6E44BC325.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF010842B6E44BC325.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5e30285db03bf067e10c3e4e1e697690`
SHA1	`bb82d58857153fc2b779e0b123c40f6ed424873b`
SHA256	`fcad05145ae14efd0f96453b022fea26375343bc7d305d698909ad21bbd27b62`
CRC32	`14D31BDA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	81be0c5ddb36a824_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{703EE0D0-03E0-4208-AD79-209AC865266D}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`31e002fe479731ecdb706c89a0303197`
SHA1	`b518260fbd55eac27f7020db672e7917a72243fa`
SHA256	`81be0c5ddb36a824d1c570da52172ce98de5efca0fbc67a3343073900483d442`
CRC32	`19544F6F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	598464a5c923b56a_~DFBB96F0DFB5CF188C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBB96F0DFB5CF188C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c1656eea5d148258519b98369c935c65`
SHA1	`8f2c26820dfa686f719d1368dbd20ab353a6ddea`
SHA256	`598464a5c923b56ae91d6746b2ccc7471469bacd4a5c7b9076143414e050db46`
CRC32	`AE6F019C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	afcd75d3c21d1be0_backup.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe
Size	40.4KB
Processes	6972 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`337de4bdcf5991faee1dd940b232e11a`
SHA1	`b73fdbf0b45c3800446dbab85cf9afac3e46e541`
SHA256	`afcd75d3c21d1be0444a78bcfe082f313adc56c375cd8a6fad9dee1bec13e88d`
CRC32	`EC31C0E3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39d92847fb57f5b8_~DF9FCE1618E81F8AE1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9FCE1618E81F8AE1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`44e57bb3f536d0878e8a28a7652a3f50`
SHA1	`3e8c8e15df43c307f419445fc862b8f4672b6755`
SHA256	`39d92847fb57f5b8397ca67fbfa823afc49348961d42f751e7f05960446757d9`
CRC32	`BC74FA21`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8a7c7c63c4eed686_~DFC0401345F1617EBE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC0401345F1617EBE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`45201ccf07523a59aea1589e94a005d1`
SHA1	`943ab3667644e7afe60a6770c25c6543aa896bab`
SHA256	`8a7c7c63c4eed6868fb9a5f516cf2e3a51c5e5ed11df9d6612f6d5406111dc6d`
CRC32	`5A2B7225`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb70b3698b8c95d7_backup.exe
Filepath	C:\Program Files\MSBuild\Microsoft\backup.exe
Size	40.4KB
Processes	3116 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1cae61ea8d2e9ec7a24b13e27ad84e24`
SHA1	`0e752f547025855d28f721078d6026d7dad79787`
SHA256	`bb70b3698b8c95d7feaf9f4378d8e455479c3365ad91c86231516af4ea0161be`
CRC32	`4B474924`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bca9c9784c12841a_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe
Size	40.4KB
Processes	4132 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c9258bf39591ffe0a97c85e7dfaf22c7`
SHA1	`eedf09811bd70a87e9fe756c1500414d9c9aab5d`
SHA256	`bca9c9784c12841a7e943e5eb863901d1adfc061810d8b4ce0b839edccf87e9b`
CRC32	`6D8B91EA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ff8f35f1f55714c3_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\ado\zh-CN\backup.exe
Size	40.4KB
Processes	7064 (backup.exe) 7264 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`700aa829699f8a6b8ee339ca423bf331`
SHA1	`bff219223549bad1ca4ac3ccfbef6ef0c7c7bb0d`
SHA256	`ff8f35f1f55714c3ac619972290d8e9c6c3f8687299ea25bab2bf61206e93b55`
CRC32	`B51C894E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bbadc9cea68214fb_data.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\ink\data.exe
Size	40.4KB
Processes	6016 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3319d41324fb5cb872f4548af30af895`
SHA1	`c8dd982463515295eeb59242476fed7681fe4e94`
SHA256	`bbadc9cea68214fb3e9338c1c124bb87673d94012c370b874932bd366e2f685e`
CRC32	`2CFF9815`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	392edd7fda0eabbc_~DF92856EF46B44DF6E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF92856EF46B44DF6E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5764437941ce7432644a4bfa8c5ab3f7`
SHA1	`26993bf210c2cf15192ca86fd585926abfeb51fa`
SHA256	`392edd7fda0eabbc20f386a1c358145d78d2c3691c5aa101ae7163b9fa859396`
CRC32	`5F6333D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd0a39df9111c55a_~DFBE408890709546AC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBE408890709546AC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`82c9d366f4b03af66a0bceafa7b2a95b`
SHA1	`890dcbf76d1cbeb7df1eaf5516548c665ebd1855`
SHA256	`dd0a39df9111c55a75b8a2befc0de5173662b4cdf04cbc8e5146c76acc9b40d2`
CRC32	`DA4ACC2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1ece964ab54945e1_~DF1486AD54ECAF5ED1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1486AD54ECAF5ED1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9caf81fbabb5cbe9cffc135962463b40`
SHA1	`e6a8c9fa382c7ce21d2bf62fe9c609abe0c9f133`
SHA256	`1ece964ab54945e177ea2bfcb7f0b28c2697cf52c40e25f5702fbc00596f89fe`
CRC32	`53D84111`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ced8e2634f4d284d_backup.exe
Filepath	C:\Python27\Lib\test\subprocessdata\backup.exe
Size	40.4KB
Processes	11520 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d421e302482a9b477fa7533f2affeb26`
SHA1	`f0c535cb7c67a53a9fa306d9e5dd880dd9ce79da`
SHA256	`ced8e2634f4d284dd1e5ebdfc7143bec8c7c6cb5772004e39e0b19466015bc4c`
CRC32	`C0073DC8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e0d2acbd7a21ab37_backup.exe
Filepath	C:\Program Files (x86)\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6febd6f43a0cf0709caf885516397399`
SHA1	`6ac7dbe94e5ad9e9c8cfdb250a0606a6c351c947`
SHA256	`e0d2acbd7a21ab3735747dfbed5a6b976841a5c69ca97109a80b3afb7f05b014`
CRC32	`29AAE3C6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	61961a0c057ae9d8_~DF6DF0285739BBEB19.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6DF0285739BBEB19.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a1ae56981e2559374e088c99c3fe2dd`
SHA1	`2d40d4181cf09a2290bd6b09e4349220b4c7adcf`
SHA256	`61961a0c057ae9d8572b67b8ba529ab7203d070818356a5495730d235569934a`
CRC32	`EADC68E6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd5444496b08629a_backup.exe
Filepath	C:\Python27\Lib\idlelib\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0f3ecc30e5cb27d12ad3508ef1f6791d`
SHA1	`5e9c99d2c845e9e92319af16a8d597faea0206d0`
SHA256	`dd5444496b08629ade2251b245278a07442dd652a6911e81de1d53a341c1ac1b`
CRC32	`7ACD65D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6a31732dc29ab116_~DF142752AC1C33C0F6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF142752AC1C33C0F6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`87347ec1b355713d91ba54df4d602a9d`
SHA1	`fc68c81a30f1ab64b328553d244e10c48eb2d0f6`
SHA256	`6a31732dc29ab116210b5196d7024bd5245306bfaea5d9a8597c7520d1a7f6d5`
CRC32	`61D35B37`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5622adc34453411b_~DF5C41E8DFD1CCB3B0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5C41E8DFD1CCB3B0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a1f5d0c1ee143499c7e1cf0bbf17e1e`
SHA1	`48c5ddcc4cdf145f4ee5e90ef399d84220ab5162`
SHA256	`5622adc34453411be68f70d31873c7cd6a48c9dc38d527df724099cb88756f01`
CRC32	`825ACB94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	10f1819a67871977_~DF1F63F5D905129F41.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1F63F5D905129F41.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3cdfdf14af11076d89650797d045f8f2`
SHA1	`aa6dafbf13d008996da8ad65dbdee29371aea793`
SHA256	`10f1819a67871977ecbe773c243a279bdb3f353ca6de6d9fdd9285723be97e25`
CRC32	`57858B69`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e601efbc639d217_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{19BC8D80-7DBA-4eaf-BAA4-7EFDD485A62B}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ed7040b0fe38595c88c98474aab4f0dc`
SHA1	`53929cfbfaa9c9f847cdaad32f64947fb527b5f2`
SHA256	`5e601efbc639d217cabe854af18c2557a7951ebe80e09652d16ce926cb078ec5`
CRC32	`A1E9EA60`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4e589a7b390dce6e_~DF770299BEB8B50116.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF770299BEB8B50116.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a80cf367f401be670d8b8e65158af136`
SHA1	`9b22c50101142914e1bf1e238231becf2caf0f5a`
SHA256	`4e589a7b390dce6e7e25c710af05edfefe6bdfcfb5dc99efacd3cf3544807684`
CRC32	`893948B8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	13ea71ac4ccc224d_~DFB679A97E640EC0D9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB679A97E640EC0D9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`620be6a0b4e1eec57d4ee1cac4d35f53`
SHA1	`70d9a8af21d30ec3b3d27bff2c2e46836f5cbfdc`
SHA256	`13ea71ac4ccc224d42757811af3831327e947b1a14f29be61a9e5990cc422c3c`
CRC32	`F4BA600B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a5981f24d3f54057_backup.exe
Filepath	C:\Python27\Lib\distutils\command\backup.exe
Size	40.4KB
Processes	6336 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e5da2ea35698cee03692681e8cea5290`
SHA1	`8ce624f86a9e350c294b86fe94cd83b0f2b798f5`
SHA256	`a5981f24d3f5405745f73535791453558419a07886a5354a305eaffae3e55828`
CRC32	`B1C0C8BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5df79fa5da1bda47_~DF64C0181527CB3FA5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF64C0181527CB3FA5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cc79bcce77403ee472a0643105baebff`
SHA1	`0e8d203a9b1494f8c84052b14eafaaa679833a18`
SHA256	`5df79fa5da1bda47642eaec6fd2b88b3207f513ddb7bc54dd273012a4914e261`
CRC32	`095C4220`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f1c650fbbc3c3732_~DFF3806CEFD62F7A5E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF3806CEFD62F7A5E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3b8e25715f40ff929f0142cb8589d2fd`
SHA1	`ca3311251399fc0c9e7f3ba725b895729e956a61`
SHA256	`f1c650fbbc3c3732b05f90c466aabfe4064259a77504319f61896400da6bbca3`
CRC32	`F3189527`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5a7d2c3da0e7696_backup.exe
Filepath	C:\Python27\Lib\lib2to3\fixes\backup.exe
Size	40.4KB
Processes	7936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c5dd60b0ee7f5cb57460aa2c8a760af8`
SHA1	`da921274171418a3c4e5296f7979ff3b21182c61`
SHA256	`d5a7d2c3da0e76963db952e9805f7abff27f967507ce1a56086dfa010bc18b33`
CRC32	`28F52BE9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3ecacbaf8504cc82_~DF5A44E2573E7A3B54.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A44E2573E7A3B54.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a25da8bb564759876a2195e05d721218`
SHA1	`b54ff286b35868487144508ca59009d1646576b0`
SHA256	`3ecacbaf8504cc82a854dce89f8cc9aeeb0474a5c4b77b5d425471a85084699e`
CRC32	`A751B356`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	db4f1e606ba800e9_~DFC4B18EB38C8882BF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC4B18EB38C8882BF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`547b21a7827ef2c3904533f17d7a0d8c`
SHA1	`4673ae36c955f68c8edaf9c426ad329a55863d60`
SHA256	`db4f1e606ba800e92d14a9e267f60b6130388db8b695a1b852230539ff05b672`
CRC32	`41E8C271`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	edcdb6849bfc3302_~DF2F70CEA5D3A287B2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2F70CEA5D3A287B2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`990f558436b1b02c3228f83c1281a6f6`
SHA1	`a842b274d26bd0d75171bd54cfeebe833c4db5fc`
SHA256	`edcdb6849bfc330246590bb4ba600753987ef07ba22c0db6de0889b02b0fcb3b`
CRC32	`F72D6592`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	44f08b71b7d59444_~DF758C82AF8E81183D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF758C82AF8E81183D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`84064ea9b44bb6ce03c17d393246d036`
SHA1	`252737044802074119ef8758f1d5354ffe0125d1`
SHA256	`44f08b71b7d59444d370808c129687edaa24cb9bd9637184fd0e9c53602a2464`
CRC32	`A5D315CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	26723f132722d5ff_backup.exe
Filepath	C:\Python27\Tools\backup.exe
Size	40.4KB
Processes	6004 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c3cf2c6d03b56ddfb4141402dc4c62b4`
SHA1	`986a34541db75a455c9b42cb6c1a6abd119fab35`
SHA256	`26723f132722d5ff1d01cac413376cb8d6ce85a080bd2319ce546ba665a83253`
CRC32	`62BF0183`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23112507bb717ebc_~DF2549EA4765510058.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2549EA4765510058.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ddcbd56d8670bc03088353923e51a4b`
SHA1	`1f87d6f0e00eca0480e70a5fd14ceb888a23c0f6`
SHA256	`23112507bb717ebc4eea413a050cdd12510ebe24572b46ab16fb63b5171add18`
CRC32	`88A45D21`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	57803ec3a9eb0753_~DF9075BF6F36D20CCA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9075BF6F36D20CCA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8aab42b7dc3123a79bc898b9e9cde333`
SHA1	`fd77afaa4330e9112c893b9156b4b6911f8c6ccc`
SHA256	`57803ec3a9eb07537f29d9bb3aca42d29790f38fa1e3774854d0935d3746f5ba`
CRC32	`B690F9A1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7919fe099e387ef5_~DFC92DCB54873C3F68.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC92DCB54873C3F68.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`52ed6dc1846a20047501f7789ed1b465`
SHA1	`4f437bfbdee470345d572fab9a167c204d93cf7a`
SHA256	`7919fe099e387ef5f7cdd26415c0fbbfdbdd5ca06093300fffb7edfe3d820b42`
CRC32	`77E8600C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4cc862535ea37b7e_~DF48B365D2E68D904C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF48B365D2E68D904C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`11720e723bc1b339b8d08e8aa87517af`
SHA1	`3ea8e5422b4a8ca072332e3048c854cbd6fe92b5`
SHA256	`4cc862535ea37b7efcbd8ad3df41d1db0d174c2ac20779f3367592e41ac454bc`
CRC32	`83AED945`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	87d1684efe7dc902_~DF2C1407EE51BA936C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2C1407EE51BA936C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`206e51e2fc70992eb85869205933e581`
SHA1	`afb612ab38115ffd393ac44447f2b904c48bf9b9`
SHA256	`87d1684efe7dc90257b8e5032ddbbab09c089eee3f9e413146ab25ab98007456`
CRC32	`399C20AB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e2d571719c99b75_~DFB1E1F126C2E557F2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB1E1F126C2E557F2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`46f03c84fc5bfd5af0f804718ae24dfc`
SHA1	`63ba4edb76b7dc85f95474582ee414fbf9a0db0a`
SHA256	`5e2d571719c99b75ca198e0133081d092b0c5428f9272ce1db0899174e561fce`
CRC32	`B4A30520`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f483cc153cca60e7_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{B8DC779B-6BD8-4d6e-AF53-7E317016E2D0}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`006e0ce283610128de3f19b50832ffb4`
SHA1	`0134aaafdaa35ee65b5e498dae2f9a7c0df5ef27`
SHA256	`f483cc153cca60e796664a9ad154ad95d504dd880ad975afe129d8bb3da738e2`
CRC32	`6088F7CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	95197cce03fdac13_~DF696912B6DF20E90E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF696912B6DF20E90E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f848dc74c6415479f2012173e0000212`
SHA1	`ec920b553a4fcb5028f735c98dcb3ee5d741d2e8`
SHA256	`95197cce03fdac1302eaf06c6950be208b1433cd275f466fb0c9352f41c9eba4`
CRC32	`ECA0A48D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e8a5783a2872f53a_~DF71AD0971DF669267.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF71AD0971DF669267.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`38af7f943f0938089a9774029a206a2a`
SHA1	`232b7c773d7b81d5fbc46fb1a4058bbd5c4ecd95`
SHA256	`e8a5783a2872f53ad08c4abb158bfce9773d2322a5540d7f37a8a422a2669cbe`
CRC32	`BD4F8FAE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37aace231068712e_~DF6100B6A6FADF1553.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6100B6A6FADF1553.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bf2a8365f6e706eea0ae999b8a22b24b`
SHA1	`d2cf6535135c542c8eadbc3131ecece0cf32fcb6`
SHA256	`37aace231068712e1978ed2d23e77fbca87769ae8e946a4b8c8a0cb195791593`
CRC32	`AAED0B4F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	31620db695a4178a_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip-19.2.3.dist-info\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4c872479b27797e1a1a85956a0b853b7`
SHA1	`1a63fa88818d88dae638c177ba1646e6f457e09a`
SHA256	`31620db695a4178a02f9b18eba84aecefa9841632c9a203abecc0d3070caa272`
CRC32	`3917D46C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	344f46bef07551e2_backup.exe
Filepath	C:\Program Files\Windows NT\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3e8a41638f2cf5011ef1c7aee8973328`
SHA1	`a8938a335b0c1bf1f809cc3ab649ec8f2d6de167`
SHA256	`344f46bef07551e2fb803aabe879c92a53fbe3abb12e8edc8a22e446d9cba388`
CRC32	`C0B71B3D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce54cab62357d1a6_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\netmon\360sensordrv\backup.exe
Size	40.4KB
Processes	5796 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ea4046ec1ca52483323bafb1593cc018`
SHA1	`54e6cca45178285b06f34ea5f16b4fb047549e30`
SHA256	`ce54cab62357d1a6e6ce84024247b70257c5b55725c8a18450542fd076168576`
CRC32	`6AAF1CB3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4119ca5cb59822b8_~DFF2D4E33D542308F0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF2D4E33D542308F0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f8d574865e370aa674682191fcfa304d`
SHA1	`872b3f5e2a5a392cf44a6d8dc4d847453b4cb359`
SHA256	`4119ca5cb59822b8d04bc35c43871fb38068a0792474541bcfa9141bb2b1d7ed`
CRC32	`7473754C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	241968e5f1463197_~DF65AE9D595D8362A6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF65AE9D595D8362A6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`64ef72d6fa063d058e430d152c816ae3`
SHA1	`587d3ac1de5df3a06027df25235378f6853ae7de`
SHA256	`241968e5f146319793ef37d25d32484a7b543adfd47cf0ff8e787efe342bcf80`
CRC32	`269ECDC8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	121da31e7bce0e4d_~DFF357BF8EA08C6D79.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF357BF8EA08C6D79.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15f51078b41c8cd10b57a17e384bdce0`
SHA1	`e56b067c998c397e2e499bd856856fcb285b9bf2`
SHA256	`121da31e7bce0e4dcc61d43f4fad90467de4f66f4715c6c2b1c51ba8c158b015`
CRC32	`E5DE1C3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0db00ed6a916b612_~DF1B2CD105E70E2DA5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1B2CD105E70E2DA5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0de10b24193c4f15942e1d9a8781f78a`
SHA1	`cc60ff1338882085fa0419e03b7fd59a90fe8856`
SHA256	`0db00ed6a916b612e72838fd9e5291a7d02a89ba08377db7c011aa9d0152fad0`
CRC32	`864BD88F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	634c1492eb7229ed_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\backup.exe
Size	40.4KB
Processes	9112 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`27023882f4b76ddfaac955c2381da191`
SHA1	`324a83bc3547126a33dad6865f6bc5ad8ac4ac00`
SHA256	`634c1492eb7229edf330341ab062dc143a55707e4017a00ca2e56e8d677a9d3c`
CRC32	`2CC449BD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9eaf89eb045cd6f8_~DF0900F7D68862F6EB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0900F7D68862F6EB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`731e39ad7786ef89e345b01e819afaa2`
SHA1	`079aa1db0f7c7afceca164c22acfd3b67955d614`
SHA256	`9eaf89eb045cd6f80bc03a4d0f892ebce8beb99f0849b1ad46617a883ebca649`
CRC32	`D14CB0E4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23761fab3036e39d_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	13628 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9e61e4d5ede9209a8bed3585e85fb649`
SHA1	`cee6654c5819b4376327e9d0eed5d11bfe84796c`
SHA256	`23761fab3036e39d9ddce3c8f4ae618e0a0268e090fb8b23c6acdacc489c4000`
CRC32	`46D72D34`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d9a8762951b0bf3c_~DF5729D7737C7E5A15.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5729D7737C7E5A15.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0e5737b916f31cf84664b42e53db087b`
SHA1	`3d676d1981fb55ac000d191467a5af14d2189995`
SHA256	`d9a8762951b0bf3c9c6e39afc27bf61d115686aa30d2b12251bf839a9fec9f04`
CRC32	`D3488496`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d38997875cdaceb6_~DF043C8B3F381138F2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF043C8B3F381138F2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`99509e34a1a71de5a46aed3cad68f3e3`
SHA1	`b09fec9e084a4d2ca9b4b36a14af2247d62e90f9`
SHA256	`d38997875cdaceb6eced7469af7ea5906551a54be5a10e1d980f6cb8dd3282f7`
CRC32	`E56F4541`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f0b1e094c43f8c3b_~DFE3A90F11C2B3424E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE3A90F11C2B3424E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`28951cc97174f088dd1539998a3fa089`
SHA1	`5dc18773f44f3244f91158ee2d89ff8f143122b2`
SHA256	`f0b1e094c43f8c3b00b409926e5addf9b385c6dc5ad98bfbb4fcc6041abb1361`
CRC32	`811763D1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90dfb37fff86c143_~DF922BC9E5C8ACBDFA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF922BC9E5C8ACBDFA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a47e604dc55e4591b3730523f21a1203`
SHA1	`2fe4e2f105f324b77850cd145b133a68df1fff00`
SHA256	`90dfb37fff86c143733a42cf59eed80e321729d1941b22b8f9c8b18409dbd787`
CRC32	`44647CB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c8a55ddba3df57f_backup.exe
Filepath	C:\Program Files\Windows Defender\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`62e9b042bb02b9c2f8e3c6d00fc75d5d`
SHA1	`b115049f80ebcab013de6b481a84b3b49eec2938`
SHA256	`8c8a55ddba3df57f1ee169b77cc655065a179ef29b1a9806e8fa1dd298530714`
CRC32	`01D60696`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1dcd668f4859ed15_~DF890BCC8795CB79A6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF890BCC8795CB79A6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5f261e7df4ceb54f3723c76fe55971c0`
SHA1	`78258da1b4e2c31c86d882c95a5769ce89e9bdfe`
SHA256	`1dcd668f4859ed15a17a7965a4dede241c0424ae65591c92673a0141400c094d`
CRC32	`1CD87A69`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1af7aa58ff38133b_~DFF340DCB7F575B237.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF340DCB7F575B237.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0449bf71dfa688055fa8fa1d577f4618`
SHA1	`ded539487ce19002c7db60fffa1275de0196362b`
SHA256	`1af7aa58ff38133b16a5ca5a784133ee69a18a767c917d8f8ea00c549a37b5db`
CRC32	`58521460`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a6d543f5721d6494_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe
Size	40.4KB
Processes	2980 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4d093735504e840a590c562119aaabac`
SHA1	`43db02d126aceaa367f8e6417f7e479d8f842579`
SHA256	`a6d543f5721d649451af44f5820819080fb5be4491aa4becf4564d38105778f3`
CRC32	`5E448620`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0ecbe22c293689c3_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e98df4bf22e1bf19fd748e29d499313a`
SHA1	`f855805c38d47875d528a9df736f319fe421a9c9`
SHA256	`0ecbe22c293689c3a6fbd0dd2c7c05fbee4694751576827b59d72b6c01b74314`
CRC32	`6EC79C0E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0c41f972b496aed2_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b49b37e5efa73c57494750d087c296af`
SHA1	`33a85fbfa6000863306acbc198687c6291991197`
SHA256	`0c41f972b496aed2f1ce16ca3adaa526775bb54231855bdac38657c7eb60adea`
CRC32	`88CDB98A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	87ab77dc0f2cacdf_~DF917C88D4EBE0392F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF917C88D4EBE0392F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3d60146eff90bf95e9d7edd24255d120`
SHA1	`db68c4d5bb06a9bec54adce5ea6fe3cd605d4478`
SHA256	`87ab77dc0f2cacdfaa250444ae01c277c0cb905a2ddeb1660e9a85e75e71112b`
CRC32	`AD7CAD31`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c4713518d76c38b9_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\backup.exe
Size	40.4KB
Processes	3300 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`805062037ce78f04ef617020d11c6c77`
SHA1	`3fc4876b9398ef58662b8bb8b0ab3cbf9e34e057`
SHA256	`c4713518d76c38b94859b53ae8c87627aa342f6c09237aaf2baa44deca3ff422`
CRC32	`AB980F3C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	daca51d76f927f8f_backup.exe
Filepath	C:\Users\Public\backup.exe
Size	40.4KB
Processes	8088 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d0875e8cbe8a7f2534d86a16eb2715d3`
SHA1	`1e92d4f01f93c91bdd63728c3c89971d578fd55c`
SHA256	`daca51d76f927f8f5b6f6fd2c7c03715bfd564104cec08d1626636968152edb6`
CRC32	`355EA837`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c356f0fbad969469_~DF6AD384B50589CB44.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6AD384B50589CB44.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cf597db6752fbbd736bef301f621f777`
SHA1	`3f060383c02c83cee53a9d8e79cce9edeb42cc5f`
SHA256	`c356f0fbad9694691ab0427aa44d3f98513802a044190b4b74a7d1f46021c5c5`
CRC32	`EDDB3819`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7b7a71ec0d91aad0_~DFF8663048E9BC2534.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF8663048E9BC2534.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ddf1cdb7688256e9627cbe0f4ccb74a6`
SHA1	`83a72b5c96aea784587c367f6ae766db05dc1464`
SHA256	`7b7a71ec0d91aad041ce0822f111bc25bac938a17c818ac1c625b62708a255d7`
CRC32	`31CB2A7A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccc4d9edb0f5c592_~DFFA80EDD99FB07120.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFA80EDD99FB07120.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0802cb14035da6a418206e2f3b6164bc`
SHA1	`2c1e7ab7a3d56f60e246076cbc2816b354213944`
SHA256	`ccc4d9edb0f5c59254cab91cdf2a538aa94fb368dd3ccc779111aa5eff5e637b`
CRC32	`365BC148`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	25913d73ec0b6037_~DFE67576842A5E05B9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE67576842A5E05B9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d7abb5c690a6b4372285c0a4f0623d8`
SHA1	`ad5f68baa95bd85e35c8ac7bc8a44166bcd8c4f4`
SHA256	`25913d73ec0b603738a0ed3caf081c68f6122ca312bc187b3bc329c3ca94d969`
CRC32	`89A59620`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c7597492fbcacf30_~DFA200F44C64E6CC01.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA200F44C64E6CC01.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ff7821ef8acecaec816f96e20f32cbca`
SHA1	`c5eb62cc11155c4de156d7c53d51cbb33df17424`
SHA256	`c7597492fbcacf30cdfc7b9eaf093c5a3e2092c9dedbcc7d8f2a80a91513d7c5`
CRC32	`3AFAB2AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28ffd775113bc1ca_~DF74FF42BEE62CF109.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF74FF42BEE62CF109.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`de3f57cf92a3184027149839249cfbfb`
SHA1	`3d2d57278244cac4c70701c1912e2eacddaa5add`
SHA256	`28ffd775113bc1caebf6c9a14d79da173f3c31f4e84fe5ecdd69a682f657e6b7`
CRC32	`90B1FCE6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	abc1e772819de9cc_data.exe
Filepath	C:\Python27\Lib\email\test\data.exe
Size	40.4KB
Processes	6792 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`090756d93f166b28b4938dc619d63f41`
SHA1	`bcd9902a95c86470744e4fde0a3a70e9b253ff4b`
SHA256	`abc1e772819de9ccac82a233f2389d9862bb14f76c083d260b437b9949aa496e`
CRC32	`5E0CC3A7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	63e1ca750a250dcc_backup.exe
Filepath	C:\Program Files\Windows NT\TableTextService\backup.exe
Size	40.4KB
Processes	7456 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`bd89cb7c2651729f1efad899b5f6ad4b`
SHA1	`572ba60d83041ee1b27488974b2ebd07834bf28e`
SHA256	`63e1ca750a250dccadce107f4baf31a5a912c61fef769f3d3657eae71c585cbb`
CRC32	`D13EA795`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	028dd8d3679ffdad_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`015aa3027a36bccc28deb698d16b57c6`
SHA1	`4e0e9c7d80310145fd37de4d7820a908ee4a349a`
SHA256	`028dd8d3679ffdad844c46e5540fdb8b45ad541f191be7aa6057a8963ca89c31`
CRC32	`FDBEC61D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	88207a55fcb2928e_update.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\update.exe
Size	40.4KB
Processes	6756 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`97b2cbbf404d2b4ba1b620dcbda47a5e`
SHA1	`ae7524b58bd5adad1b563d26706f08e81ef72ba2`
SHA256	`88207a55fcb2928e57e8ad306984ef879c29713ebce2b6be2d85641d16b690e6`
CRC32	`45E85DED`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b363ec4d68391091_~DF7EDCD5B57CA318CA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7EDCD5B57CA318CA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9b4f28eedd428d0ea34830359a8ae767`
SHA1	`2c374ce0833a03bbc5e1b1ab6614b561279006b7`
SHA256	`b363ec4d683910917cfae4a1c5bac6c53bb7831732154c4b908e4221958163dd`
CRC32	`EBD1FAB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	260d707900e84ba2_~DF14A1E2BC5A5B651B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF14A1E2BC5A5B651B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6b0e67291f9b9da25517340d09f99337`
SHA1	`4c62a00a07ff2c1329e775e7c81bfee4b958848e`
SHA256	`260d707900e84ba22dbba601c3251750b16a9870a69c00e57aa3d2f1204d9a4b`
CRC32	`A910F699`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fc909f5e15e2e183_backup.exe
Filepath	C:\Users\Administrator\Pictures\backup.exe
Size	40.4KB
Processes	7340 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c765cba43cda08b0ec65515fac76cd11`
SHA1	`b4858c1bcc8df3ee9d94b81e30eaf96e2a951dc5`
SHA256	`fc909f5e15e2e18384496453388c1ac55fcb2e6434acfd0bc97d06207caac902`
CRC32	`1CBC2F78`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce86679639ca08d7_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\backup.exe
Size	40.4KB
Processes	12824 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a208b9c88eb5e0b8892bbb5c338704b4`
SHA1	`7d117a09575bc139e877b984d9e3d3a9c4fce02e`
SHA256	`ce86679639ca08d722346757faa38d7845671cfbb4d4e6095425b2748cee1078`
CRC32	`F9E838DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ad93036b8b764faa_~DF3AB7AB6E31561FFB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3AB7AB6E31561FFB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a10bd3b9eb93ec980ae713078c0d30d1`
SHA1	`3d7387154dfcda0393c0115c0a0fe6527d7fb545`
SHA256	`ad93036b8b764faa2fd33ab26d773e006570d9bbcdd4091ca7f10eed2cfa0d96`
CRC32	`314F05F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	144303348172a4ae_~DF6439EE204E15F3B2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6439EE204E15F3B2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`db3b3689dd6568189ebcf5bc00ecf10a`
SHA1	`51336d9b71b0ac548e9b20e125df0a8f73f3903a`
SHA256	`144303348172a4aec21918bc9c849bc38698f51c7daff2397f166ae8ebd4fedc`
CRC32	`76E3DF03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	166716d3926b8e56_update.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`05efd8e92a2a39b9028fd56fb49d804b`
SHA1	`cf41cd185f1ffc661fb901c061fdce4d3b2f39dd`
SHA256	`166716d3926b8e56cbcdc7eeec66bae6971591a0765d3a82e3ac3e76fd90341f`
CRC32	`57485A80`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	189a8bac4c40017b_~DF31F479D20256993A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF31F479D20256993A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3585ce3440f00d934e451d41512b7d96`
SHA1	`644ba90a8c66a7217d46c3b4a746f90a18fb6931`
SHA256	`189a8bac4c40017b59ac5e7f92e43af3ef8d63cc77437505495b669a5f729695`
CRC32	`991068EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90d285f486267e66_~DF5A44B3970D469AB1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A44B3970D469AB1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2748c2f4d816df8321ab464b5d71a56a`
SHA1	`9d2a04009af31795317487db5eb20eaca4c8e522`
SHA256	`90d285f486267e6645f613dd24120581f41b6d04fba5f54fd31f30749855f9ae`
CRC32	`E0346E4B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	886a144288a0623d_~DF48343B3255E19017.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF48343B3255E19017.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e66ccce3b3a60e10bfbb6ad928422b27`
SHA1	`c4d110404706e6237d1df2a190a1f0c9ddde8ba5`
SHA256	`886a144288a0623ddbe0bcc2783acbbb4e8ffedbab214667c23d7883af1867e6`
CRC32	`242FD312`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1fed5d8525fc607f_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_internal\distributions\backup.exe
Size	40.4KB
Processes	8812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f1ad06f3f5b10a0a96a282e10e7bf76d`
SHA1	`fd8e0164b5966b0ca00653422cdabfc88529a172`
SHA256	`1fed5d8525fc607fd53ca10d0ee7b9aac224b27e32eaf5b30df28156519b9358`
CRC32	`DD490C2F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	efee6c16d058828a_~DF2C6591784F492A39.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2C6591784F492A39.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3c960fb3fa937e000ceb2c852c7474e8`
SHA1	`2ead012e207505986f492e5c688a2ff60e795ce2`
SHA256	`efee6c16d058828a9d9d986fb56bad51a0967066c062087dbe965481e4b07fd3`
CRC32	`E23F9EE8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e1541435ea29a71_~DF9603BA6C16B68B42.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9603BA6C16B68B42.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`20f0e5cce4de440f34cd0217dbbd1336`
SHA1	`f539a6b832ba787ddae0787a72546a34f5eb3c93`
SHA256	`6e1541435ea29a7191b4f59f15a85df731821ecdf8f517209acc956fd34cab1d`
CRC32	`64998BC7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43fbf618945e7c9d_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\Accessories\backup.exe
Size	40.4KB
Processes	11596 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9e1cec8283d3bdfc7eb6e845f9d9eb18`
SHA1	`5c3b0c93e143740923384f605ef219b4b4c45ad6`
SHA256	`43fbf618945e7c9d6b2b5947cb9137f305c99559ce9e065cea8590149e6ec01d`
CRC32	`554290C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	021e466e523baeaf_~DF0F254B161DF359C4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0F254B161DF359C4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4ccf4c36b77b64caef91351a84ddf959`
SHA1	`b828ccd4cea2716f47fc83a0ad88beb389052941`
SHA256	`021e466e523baeaf77b5acfb013f86782c2c4f76db0aa934e802363736d2bed7`
CRC32	`3601BADE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	17d79d575e481ec6_backup.exe
Filepath	C:\gcoxh\modules\backup.exe
Size	40.4KB
Processes	2028 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`468032d0a53b429b3e04fa954217341a`
SHA1	`e2225f36f8db96787ce3a83a8e06acb938a5a8fb`
SHA256	`17d79d575e481ec6b3a40ee10baf8dbc90c02343b38de3ae2217876097d99635`
CRC32	`3F935C1E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4004fcc54261a054_~DF30A1F6FD93BA7C5F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF30A1F6FD93BA7C5F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cc93511590da367a8ebca2afb7a2cc54`
SHA1	`2d3e42f9a96d330d90ffd8a754411f2a90295ae9`
SHA256	`4004fcc54261a0542359f6421920ff5b8cf520e4dc6c0dbc114818c5eed66579`
CRC32	`BB5D030B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e494ecd59af8e9de_~DFCCC4258D9BA3403B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCCC4258D9BA3403B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a7766c6b654881b60e17bda574b4838c`
SHA1	`d9f5668abd3bbbae5ecaed7706c272653ff4350b`
SHA256	`e494ecd59af8e9dea34a4eb5a40d6ef676f7254bbb206a3fc1136f90b63fdfdd`
CRC32	`F7461B9F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f1ddee9fcd9a2a8f_~DF90CAACA80E2878DA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF90CAACA80E2878DA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0baf07266a18033548ee8cf48fe30e24`
SHA1	`837a464c0a69f5bf9bf6ba5f197f588981adc447`
SHA256	`f1ddee9fcd9a2a8f23e30e1deb25dac193774e63d0e6eb3e604c6b5ecb3420c0`
CRC32	`24E9A37C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52dfe042fe98f303_backup.exe
Filepath	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe
Size	40.4KB
Processes	9136 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fbc18045c901f57073c9c5ccd1613ea8`
SHA1	`e0c4c90ae6cdac4c63a1e8a5fe403cf9c04f9737`
SHA256	`52dfe042fe98f303165897d40fa89429ccbf17c54cafc3927f841f9900ef62b1`
CRC32	`3CF5F740`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	510e3202511e4be3_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\js\backup.exe
Size	40.4KB
Processes	12740 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4c273f79db301ed2be66e2178e7b5774`
SHA1	`25b1e55750d096f6434ffa22449e1b5b71ee0eac`
SHA256	`510e3202511e4be3e66ebbedfbddcca3f6177b5df3c506f817cbb87ec24f5e5f`
CRC32	`62B9BA58`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	065866d860687911_~DF15AA7CE03D9BAD36.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF15AA7CE03D9BAD36.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b4dcfc450be8da75550e394dd46a0a83`
SHA1	`0ad8a6ac76fa0c752417f2bad62e75d716e4bf08`
SHA256	`065866d86068791176f5931de304d0c472da2b41e3576c4eb57c6ebb135fd4d8`
CRC32	`93090332`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e59c4d109b5a5829_backup.exe
Filepath	C:\Program Files\Common Files\System\ado\en-US\backup.exe
Size	40.4KB
Processes	4940 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a0305d8ff06dffd0430457b1e473b5e4`
SHA1	`59821b5be6bf101b8fab9bdf7e90d73bf1d6a6e9`
SHA256	`e59c4d109b5a58292e409b86226ef1693c94494f2ca4778121ce344db26b2d29`
CRC32	`3350FFCD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d9a8762951b0bf3c_~DF090F9800AE470361.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF090F9800AE470361.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0e5737b916f31cf84664b42e53db087b`
SHA1	`3d676d1981fb55ac000d191467a5af14d2189995`
SHA256	`d9a8762951b0bf3c9c6e39afc27bf61d115686aa30d2b12251bf839a9fec9f04`
CRC32	`D3488496`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f70445acadc8193_~DF27EE6A50C0816081.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF27EE6A50C0816081.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15d266ee86e9ccdd08f3f147d1745fd1`
SHA1	`c1b3f4707419820c4b3e81432fb99d947f41f5bd`
SHA256	`8f70445acadc81935b2c19151684f01b22750b4725ee8602a9662fe0b78b5dcc`
CRC32	`DEE5162C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa955cec9710fbc5_~DFA740977E64E6B086.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA740977E64E6B086.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`935e173d8133f8b68ef9dc29f36972e4`
SHA1	`1d8722d04630731751fafc0ef48ce46e13af25b8`
SHA256	`fa955cec9710fbc53b1c7d92212796d6ec3c0aa97b83cfcbf84cdf100f34ed8c`
CRC32	`0C1127C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	93c6aadb4bc59950_backup.exe
Filepath	C:\Python27\Lib\bsddb\test\backup.exe
Size	40.4KB
Processes	5556 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8839c4e215ecb95a0c7ed85de5f9d80e`
SHA1	`4d7563eb55c5ad262e9abcd19f55f3a1380e2b9f`
SHA256	`93c6aadb4bc59950afeba7b9f6b627b7cfba8b87839ea3d362dddc8135bf14a6`
CRC32	`5CE6C8B1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	785d096887937d22_~DF7505AFB93EADDA0C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7505AFB93EADDA0C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bae42ac61b75505d2fd185fe0edbaa29`
SHA1	`80f4fe9024479105b2266d1b9bc340435f75d8a2`
SHA256	`785d096887937d2231d6c1bdcd9cbc2c9bee08535a32dd7da1abc28d638c19ec`
CRC32	`FE09B346`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	33a9980da4cd584d_~DFEFCCC62007E96170.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEFCCC62007E96170.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fcba038000c2f4747742afd2eeae256a`
SHA1	`1b164114ebb9d041d0c16abd0109f0302b4b5aff`
SHA256	`33a9980da4cd584d04e73f754e95e4d348a44d26ecb488fd66b8a2dcc6baa188`
CRC32	`B802E6B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b3dc291e33ad0d3_~DFB30BAD36C26FFEF9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB30BAD36C26FFEF9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`82c5942459e3796f4af691bb7678b3fc`
SHA1	`84b3af1a98883fea9f82d9a43e8ac42e5d0ecb5f`
SHA256	`1b3dc291e33ad0d3984bae0c67a01b821588673467656d5bc67939736966f868`
CRC32	`4B89590B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	223e3b76773bc568_~DF1DAD3BAF91CD0771.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1DAD3BAF91CD0771.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c78d529692767521e2c2311dccdef282`
SHA1	`0480480b64355d19e30a4de6f784179585200d77`
SHA256	`223e3b76773bc568cc0792f5fd01beb289533939a6672f631a038baa25966b82`
CRC32	`A0FF10E3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ca8c2cda820d83f4_~DFAF5FE135D68F955E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAF5FE135D68F955E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bd2bf62b2c31622d631af0a757be945a`
SHA1	`db15521f4d7b16df57e652943c4b31062247fcdf`
SHA256	`ca8c2cda820d83f4c79f2077ba27368a661a3fcec5ae2def7dac2a4aaad82a72`
CRC32	`9AFD4AA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28ffd775113bc1ca_~DFA520C5E3BC6D51EE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA520C5E3BC6D51EE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`de3f57cf92a3184027149839249cfbfb`
SHA1	`3d2d57278244cac4c70701c1912e2eacddaa5add`
SHA256	`28ffd775113bc1caebf6c9a14d79da173f3c31f4e84fe5ecdd69a682f657e6b7`
CRC32	`90B1FCE6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dc9a473c543e9087_~DF5C7FD8D19D8B1BDE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5C7FD8D19D8B1BDE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`aa268c5fcc8491eafabd20ab9adadada`
SHA1	`e1fb4c6f6ea95214c773dcfac35167de950d9254`
SHA256	`dc9a473c543e908762e6b6917532962cd439e1515a2bebd0a96c9e4bde50d57d`
CRC32	`121EC86C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab8a563af2a6afce_~DF0C56D303B94660BF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0C56D303B94660BF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`95f3d2e0eb796c22d7c46d3947e937e2`
SHA1	`16f456a9b12afb0d9d9aa82ec42fc18a84910595`
SHA256	`ab8a563af2a6afce2084682a4bb7acfc9d8594f0a82da486bdc88c492585d85d`
CRC32	`D2E3AB4E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	799b97d55de0d975_~DF700753549041C162.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF700753549041C162.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d3bc8628eece75ab17c141abde165063`
SHA1	`73e5de0341a08394ea6fe3a4acdd2ca234eb2bc0`
SHA256	`799b97d55de0d975b13881ec9d85bb2a6d34cdfdc9f3717fd1d9f180012dceaf`
CRC32	`188ED5A3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa980610c0c2b7fd_~DF314B6768CC1F21AA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF314B6768CC1F21AA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`733b33c0686ce6c5483c5c18293de9a2`
SHA1	`c0e8b4676ca2cfda8f04e1e425d503393194f4c4`
SHA256	`fa980610c0c2b7fdd5cf0d6366250daf432829a937c293db52d0f370dc2919c5`
CRC32	`CB2C3B7B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	84ccefe879f784e0_~DF879CE06C2C711151.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF879CE06C2C711151.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6cb094cf610fe6e38a20f8700cf0e55e`
SHA1	`21958f6e9798a4fec86665572fd7d0854f0d03f9`
SHA256	`84ccefe879f784e07d6c957345143da948fa053d3d2f472cfe580a02c562b561`
CRC32	`4EEAEA68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	465efbc8c2d777e7_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Europe\backup.exe
Size	40.4KB
Processes	9524 (backup.exe) 8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a7c6e5783764caf97577155b1605468c`
SHA1	`991b362fc411b46b08209a2647e50e0756587b8f`
SHA256	`465efbc8c2d777e765fc11321348764595f53b23a0768ea1282ae66c515748f4`
CRC32	`E4FD3A31`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	688c5989cde3deb8_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\defaults\pref\backup.exe
Size	40.4KB
Processes	7424 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9b08524e8f4a2acd040b6048bd167a7b`
SHA1	`acf8d917b2e2e2ddc3d14b68dcb6a97d6997953d`
SHA256	`688c5989cde3deb8d7aad61d8f1e27955ee68db4916b3acfb25c851bbd7ee1e2`
CRC32	`1665A415`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9384b886824804f5_~DF0DFB0A9AD526B95D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0DFB0A9AD526B95D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0cf0e7b76de3b484f1ae9b72ed5f2b87`
SHA1	`688dc35b7801f8822b8105a3eceac3627e3bb823`
SHA256	`9384b886824804f53bc3b818d3e288f8874efcb6c562406f7f7be79dbacb37fd`
CRC32	`7A54E532`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb3bd25fa90182f1_~DF69C9A7032BE1BF26.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF69C9A7032BE1BF26.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7232b2b57bd48968c1bd679b01f05317`
SHA1	`f135ff08e971f76ea0dfd7870b1e047f3129d50a`
SHA256	`bb3bd25fa90182f199bc272f3036863c69cb970afd4757a066f5146bcc116bb0`
CRC32	`AD6FF2C1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3ecacbaf8504cc82_~DF30490657DA826B38.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF30490657DA826B38.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a25da8bb564759876a2195e05d721218`
SHA1	`b54ff286b35868487144508ca59009d1646576b0`
SHA256	`3ecacbaf8504cc82a854dce89f8cc9aeeb0474a5c4b77b5d425471a85084699e`
CRC32	`A751B356`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b3159216a1c7ec94_backup.exe
Filepath	C:\Python27\Lib\site-packages\PIL\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3881256ae1529256dbdf94c0513fad6a`
SHA1	`e9f42f6a3ead5975f1772560ef9f8d3d4e2c6e34`
SHA256	`b3159216a1c7ec944383d6875c22b1a0401e44a08157593ad2ff9ea6040edb7b`
CRC32	`B3721D80`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7bbbc34e6a7ff23f_~DF6467C6C58E4AF2FB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6467C6C58E4AF2FB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ba5ce75beb6b81e0e6c6b8f4a3fe6f11`
SHA1	`df2fde010f3a65da7f426b22f70978edcebd5437`
SHA256	`7bbbc34e6a7ff23fdf5d57b363807657cfd023020802e6d3628a454eee6ba83e`
CRC32	`E865AD71`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d57e9a05eb39338b_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b1ea9aad6bcc3a0af9903572b846eb82`
SHA1	`be2f9dd615d5dde74ef7609b45bdbc0d8472df16`
SHA256	`d57e9a05eb39338b44b21a302f5178810d45f4a6e4f75e4d26896e2fcdc8f9f2`
CRC32	`601C143C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	848bc1014646938b_~DF414E55A367CE1836.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF414E55A367CE1836.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5921cd0ac5dc8bc48dbb99580d7dc4fa`
SHA1	`b43ced8ce6a580694c8aca03ae70aa593de30743`
SHA256	`848bc1014646938bc2724089f0e7b3a1732b8bd7d124c6ff3cbf95fd30e357f2`
CRC32	`627D1F13`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	81c87bf7c76b499c_~DF0DE3CA001E036390.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0DE3CA001E036390.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d02c4a1598de9417a06fb316e88e842b`
SHA1	`ee5bcaf990f5a45304128fcb753da56972b818fb`
SHA256	`81c87bf7c76b499c4894ce2aa425b27fa4245a428aa5d26bc49d53ae268577be`
CRC32	`B7CCD41A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f1b98ce1dbbe2dd3_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	11484 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f2fdc3f149e266095c6c21c9f15a19dc`
SHA1	`8be8d994e335b24b283b4e6e254c8618485f5913`
SHA256	`f1b98ce1dbbe2dd3bbea93af590ec95f836e281dcec4b29686251f0861fb59ae`
CRC32	`30DAAE1F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39db7f995eaa28b3_~DF22E0192BDBBFF008.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF22E0192BDBBFF008.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`547d7432b5a726e2989bedb5164d1afd`
SHA1	`5a1f9510e9707844f828fbbe4e0a0f4c2425b92d`
SHA256	`39db7f995eaa28b38ebd97dba0702b529e14c109215a4868fb10966b93909e16`
CRC32	`9248E188`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0bd3e780f181da85_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\xOqBdIxBuToKsKrC\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c22603d99aa3345e16e4cc2fa45f038f`
SHA1	`a1a2d15884654606c6135f3d775c4265195804ff`
SHA256	`0bd3e780f181da85a7fd062122c5637c64507ed58dac6e3bea092deb430cfb22`
CRC32	`D1831EEF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4616c79c637fbb05_~DFD7B3E357BCB30DAE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD7B3E357BCB30DAE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a8c13529b0dacbacc763a011fa7823ae`
SHA1	`ccf8e7c552922ff98539c6f87e278f60e6b0ecc9`
SHA256	`4616c79c637fbb056fc262919a37632ee3897fc298c5fd3660b17b82f5d342c8`
CRC32	`A8614AE8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	749f45e4af03c920_~DF914923D99D6B8A04.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF914923D99D6B8A04.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`169f1aaaefbca5e9841a781403746eba`
SHA1	`aa18a8e9f00c0034bb03184ab2d801894c102bfe`
SHA256	`749f45e4af03c9201a1c97671d16b43782e9e27a328aee31f625c231e758c1d5`
CRC32	`5D1BAFB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	964f26e49f7460ee_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\TableTextService\backup.exe
Size	40.4KB
Processes	11596 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a80984551eef920fdb648278e2f6a15f`
SHA1	`15413a4a0df9b84effb990a7ebe3c98069ca5390`
SHA256	`964f26e49f7460ee29e976b4de7049f6b9095f5d40259d08a3ab406388c34c31`
CRC32	`CB260564`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b5c8711efc18c86f_~DF30C28C67E7D1C754.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF30C28C67E7D1C754.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`692ed0c9eb1d663a420ff42dc349e091`
SHA1	`58407dea7c0ded3529184ea9e8cb3d427fa29811`
SHA256	`b5c8711efc18c86f8e0b1e1c10442b1b1ab85afa0ea2af10f7cf1e39127f34cd`
CRC32	`92220BD6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9fd974d0e0908814_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\css\backup.exe
Size	40.4KB
Processes	11388 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`04add7e2b5c02998aebb2c2946aeded4`
SHA1	`b05f36d6e778f7dbf382939a5d2791534c684817`
SHA256	`9fd974d0e09088147a7f9ff7a7f8894c952b9c072d3aa5e141664cb081eaf2e6`
CRC32	`3D0DBE6C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fbdb7cfc9728bad2_~DF845A013F5E387451.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF845A013F5E387451.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b9ca5bec562665233e753163ec7202f5`
SHA1	`7f09088272ecea44b4cecd69b8fad2a401e74927`
SHA256	`fbdb7cfc9728bad281d9f5b868b3dd8865deb2d9892be67282a0b6997c93544c`
CRC32	`899D5923`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	33c59d4cd6547c92_~DF0C13C3C77F868FB7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0C13C3C77F868FB7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a98a1a26665e9f05da6e449ff6ebd74f`
SHA1	`e27233671c577e8cb9cdbfab5f7653d9003b302b`
SHA256	`33c59d4cd6547c92804baf32561c7d877f12ae5b1df012d2f0f39eed3c55d92f`
CRC32	`BF4F3533`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d729367e5a3244a_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{1C2B9DA7-AFEC-4854-83D5-5197746130B9}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e8d7da70333478f4f774acc61b5c9c98`
SHA1	`08f789611e7e9881dfabf9b7533544b355ee2462`
SHA256	`3d729367e5a3244a83c37405575fa45577cf9cf8694ce6a3b88186a1ab0a4ceb`
CRC32	`3156F7F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	121da31e7bce0e4d_~DF9FA8DF2708DC805B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9FA8DF2708DC805B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15f51078b41c8cd10b57a17e384bdce0`
SHA1	`e56b067c998c397e2e499bd856856fcb285b9bf2`
SHA256	`121da31e7bce0e4dcc61d43f4fad90467de4f66f4715c6c2b1c51ba8c158b015`
CRC32	`E5DE1C3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	91cf85c7f2e139b5_backup.exe
Filepath	C:\Python27\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cab484253f7652bbed99e0641ea6aa35`
SHA1	`578c5262e1f54c40442c519c7f10682e039478e6`
SHA256	`91cf85c7f2e139b5a081c807925f297a776680cb130e723605cc1eaafd0296e2`
CRC32	`A4A2EE33`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c242dcaff656519c_~DF2048C776EF9A7A81.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2048C776EF9A7A81.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`04975dcdebbd87703a5ce153e274978d`
SHA1	`967ee2e3de4820d44af31263ca7ce2023dd151a4`
SHA256	`c242dcaff656519c00911792ee1005d0956a063394dfa645486c46e5e9f43b90`
CRC32	`8C1A008C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b475bdf4361c330a_backup.exe
Filepath	C:\Users\Public\Pictures\Sample Pictures\backup.exe
Size	40.4KB
Processes	10660 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`45bd93cd84e7e8f2cd029247dee4a926`
SHA1	`cb2ce280a343b0587a432749f2cc95a56d4f97a3`
SHA256	`b475bdf4361c330a6aac5e667e400da0b86cd5726719e56f4c6dc0231625e822`
CRC32	`E8C91431`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	86a9fdc449070d2f_~DF5811147795514225.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5811147795514225.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bb5319147aa9c8379d43ad8c4314ced6`
SHA1	`828b8f569345ae1bef05b1edc0d0275612fd8385`
SHA256	`86a9fdc449070d2f071a50971b04c7f831f2fa6c51a53781295cca61ae885e4b`
CRC32	`2DB0AD5D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3b671c1c060f71b6_backup.exe
Filepath	C:\Program Files\Common Files\System\Ole DB\zh-CN\backup.exe
Size	40.4KB
Processes	4508 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a160b74c302762b2374056e372d3b531`
SHA1	`92a8bd53b1f8ac7c8d1b17536fb822f28fc1e391`
SHA256	`3b671c1c060f71b63ce7b0a7b09b803acc9bd9d653b28944a7b19bd50b34f53f`
CRC32	`DDA1F28D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	41814ec771669255_~DF321865E108779A92.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF321865E108779A92.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`50a37009d66c889e81aecf6f9b0793c8`
SHA1	`35b858deaaceabda6f4485f95e58bae8a75c5a8f`
SHA256	`41814ec77166925509c66f7df4619d79edfc7693f8524cb48ecbaad1e505d13b`
CRC32	`2FECCF17`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c7d016577cec5446_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\backup.exe
Size	40.4KB
Processes	8760 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`62d5f723c179e8988fa8b4545560ae13`
SHA1	`7677dc7bf37dc66cfb624d5c41587f6b3f123deb`
SHA256	`c7d016577cec5446706888ae739ab0f429e7ad249bd0152f0f32892abb635714`
CRC32	`3CB412D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4004fcc54261a054_~DF1D87A4C332D1004B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1D87A4C332D1004B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cc93511590da367a8ebca2afb7a2cc54`
SHA1	`2d3e42f9a96d330d90ffd8a754411f2a90295ae9`
SHA256	`4004fcc54261a0542359f6421920ff5b8cf520e4dc6c0dbc114818c5eed66579`
CRC32	`BB5D030B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8859dcdd0610a831_~DF13E0885F6F82EB69.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF13E0885F6F82EB69.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fe9bfed114f33f0c6425ed8b3f1e8c25`
SHA1	`54f2623e2df9458c2584739ad845073f63b8a011`
SHA256	`8859dcdd0610a831351e31a254a35da4a93e417bf0da9c0262e57e2b332cdccf`
CRC32	`FAD8167B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dc2894187566aa12_backup.exe
Filepath	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe
Size	40.4KB
Processes	8552 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`80c928b826d0082f51c774e35513cb85`
SHA1	`abf4ea6470380adf8a9091d6fdc13f2f2d7880e4`
SHA256	`dc2894187566aa12b1c8b0e3399fd5e63290f9fed9634a808cdef3116c751bd1`
CRC32	`EBA5BE14`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	27c8db497a94ecae_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{C7C912BE-12C2-49c6-B9BF-ED34AA55A3DB}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fbc9803269bfed89177162c4e66a7923`
SHA1	`861aad53fe50984b87d8d3a99a3afd49fe879943`
SHA256	`27c8db497a94ecae48ff469953b360aef6bd02177b44f07451be9166b38c7345`
CRC32	`8E8696E7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6496563ab471c73e_~DF68470FCFCEC55362.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF68470FCFCEC55362.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`67a43a53b62d81276fb005343f9d48c1`
SHA1	`e3cba801aaea81f3cfcb3df652f99e54720a753f`
SHA256	`6496563ab471c73e6c7eaae4c43ca7fb075088199512aba22414bf0ef40ca561`
CRC32	`2B1CE86B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0e90dd1875c3c879_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Brazil\backup.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`75b03fd5d125d85b8eede8e99a090e63`
SHA1	`4ada8f26560ab7ce4c254d8d369bb4bed08ce780`
SHA256	`0e90dd1875c3c87949a98b6be605d4f8634a26d8fbaa875098bae1fff956b8b9`
CRC32	`7DF46B8B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6f597ecde9ec6076_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\tptmon\backup.exe
Size	40.4KB
Processes	5800 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c920bfdbb99c4d320dac706c55b4d12b`
SHA1	`f38e39af5ca699666b677a6a3076c11eb1fc12d8`
SHA256	`6f597ecde9ec6076276027cf77c7119e087583451f5fac02261a0286b67329fd`
CRC32	`F4B21C2E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0822d0cc762def16_~DF3BBB0B75EF462876.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3BBB0B75EF462876.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d0ede4b766aa65a8c97b042e539c88d`
SHA1	`c6abe35d95a8267c17233f6d81b712f22401f8d4`
SHA256	`0822d0cc762def166f01b70b32316d42fdfbd94ba3a53767430ffcf4c8434dbd`
CRC32	`4235F856`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd0a39df9111c55a_~DF1C08C2E1232164A5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1C08C2E1232164A5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`82c9d366f4b03af66a0bceafa7b2a95b`
SHA1	`890dcbf76d1cbeb7df1eaf5516548c665ebd1855`
SHA256	`dd0a39df9111c55a75b8a2befc0de5173662b4cdf04cbc8e5146c76acc9b40d2`
CRC32	`DA4ACC2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4b9296c801ee0e5e_~DF7220999944F73B8C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7220999944F73B8C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d2abc4d36fcae74f3e9cefd6c0e0b25`
SHA1	`d5f3313d3c87b05d507d4c7269557861be9dd7f6`
SHA256	`4b9296c801ee0e5e1589e456ecddc2bbc01800895a43b0da30a17a34ebb0ade6`
CRC32	`7BEE9CCB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2bc5b50bc5d101f6_~DF63127E2A05E84840.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF63127E2A05E84840.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8381e9f56111857a48bb89d4134ad114`
SHA1	`d0a517487c6b192dfb2505dd1053ef574e281abe`
SHA256	`2bc5b50bc5d101f67e2ad433d583fddaf0cdb5c2828545320d90eb90a8be8dfa`
CRC32	`E1D208C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8d48715b81bd0df3_backup.exe
Filepath	C:\exsrjwtsit\lib\common\backup.exe
Size	40.4KB
Processes	2084 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`26f706930b5e28eefa3af17526d6815d`
SHA1	`43df4c6aed302d6486621fd7e2a1b22c46bc9bcf`
SHA256	`8d48715b81bd0df395c3c2462dd33b85f1c078f0073c070387e88e866217cf3a`
CRC32	`FAE84653`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5aa9f8dbebfe53b5_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\sInAlQbMbCtTiGjU\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a4f79f1662ece784c67d80a462fd9057`
SHA1	`6ec03759262f17de77ba5b635a38eaafe199bfb1`
SHA256	`5aa9f8dbebfe53b594a3aa80da3e8383ae16dca973ade28cd9cf64be0694d474`
CRC32	`3F8D7FC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02b1b46c6874dda1_backup.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe
Size	40.4KB
Processes	7148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9ff63fe0f048df3e6c39684995d1f87b`
SHA1	`695ca4d9c3dc97097bdc50b5a82cfe6bac95cb40`
SHA256	`02b1b46c6874dda1ce1c6f5147f7163a2cc59c9290a25e644abca3171f35d553`
CRC32	`87EC24CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c982d5c66e980f0_system restore.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\js\System Restore.exe
Size	40.4KB
Processes	8308 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`068e8401f43ea9faf993261a19e3c2e0`
SHA1	`c12b6036ca8a9b58ddbc0b2524f0c8f116eae6ee`
SHA256	`4c982d5c66e980f025e3bba78fe3ef56d202659eca1e0cbd95ac41be3ba2addf`
CRC32	`0E0E4853`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5400551acd3a3181_backup.exe
Filepath	C:\Python27\tcl\backup.exe
Size	40.4KB
Processes	6004 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8908729db90a5a52e2cc14ada24f67e4`
SHA1	`c4d33f11675074026ce10c93afb732db27788463`
SHA256	`5400551acd3a318195eb28ea477e4b31e9fc09d91b07e5ba674231239ba2dae2`
CRC32	`826AE89D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8787dd475670af4f_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3ea5041d6ab85777e37c28f8ad3ccbf8`
SHA1	`a9bed96a46f3c39eedf5213a895fe6111a7af9b9`
SHA256	`8787dd475670af4f81f687a03d017730061b24ba8311128b3e19c94980ed7b2f`
CRC32	`19C0AC98`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c87d5907b958a8da_~DFE2F27C86EAC3BEE2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE2F27C86EAC3BEE2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f572cac02337f616e9bb2ef2c8dd7bc9`
SHA1	`79c0d6a2d8cf7f47a37e03b21fe7f38a59e6c070`
SHA256	`c87d5907b958a8da541df2c1a20cff1e4f2f52d862c42ba88bdee63d8532fd74`
CRC32	`F1836F01`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b5d5ce34299e6a85_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\backup.exe
Size	40.4KB
Processes	9148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f6ee1990533e232121df7e695259635f`
SHA1	`44cd139e91ae903da48b3a46344147c5eb8de4a2`
SHA256	`b5d5ce34299e6a85905c0394ff7d081dbea770baf1c16b4645564b3000d9129c`
CRC32	`B188BD3F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28a4b570303837cb_~DFFEEE40EC22A33CA8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFEEE40EC22A33CA8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c1de2b8423f93bc42f4a51645d9d3589`
SHA1	`a28c2af3db075a245344f8e4b4e2a844a5042bc2`
SHA256	`28a4b570303837cbd6acd6cce186752e4d9febb79c3b7c633b1bcfab1cf482fd`
CRC32	`C29A6C16`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9d895db1042583ee_backup.exe
Filepath	C:\gcoxh\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`84088b7464c7a9d7c8d746562877e9d9`
SHA1	`06ce7e26081a02ffa89520082c950166983d5d05`
SHA256	`9d895db1042583ee450e2592a9654d42271edaa8cfe6cea1202f37e7c9153d0c`
CRC32	`E610765F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eb03254488a8658a_backup.exe
Filepath	C:\Program Files\Windows Media Player\zh-CN\backup.exe
Size	40.4KB
Processes	7420 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e085c51b11069a560f78f15624934267`
SHA1	`9edc5d773c368a2ab0d50922eac8544025964f1c`
SHA256	`eb03254488a8658aa3c23ee686b05849efac2b7ae20a138120b776fe5d4f9245`
CRC32	`3E96C04B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b35d17c16c3f0a8a_~DFDB8F5647D1D0843F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDB8F5647D1D0843F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`43bcfced998e347e1bb8ce48e43d2773`
SHA1	`71277f430578c6426c070991793cc9af6f1ba640`
SHA256	`b35d17c16c3f0a8ad5e270577e80f5578d7d3473b6335d4a8d0c2203c23bcffd`
CRC32	`21CD1FF5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c93aa54c4bef70c_backup.exe
Filepath	C:\exsrjwtsit\modules\backup.exe
Size	40.4KB
Processes	2080 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b4e78cc2d8fdaf046417abfc978f0a66`
SHA1	`9e6941e92158b83adae92312e63218315e9dc030`
SHA256	`5c93aa54c4bef70ccec12b3fdd5c6494ec6cb443873b4064c84fb7ac8164f01c`
CRC32	`48F0004D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	66b6a0a14e5f1e41_~DF0DCEC13061F728EF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0DCEC13061F728EF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6ac6acc931ccd7ce32cd364c750e920f`
SHA1	`a656986d58cf484b39c85a8c00d4be3a15a35538`
SHA256	`66b6a0a14e5f1e41d87287f9fc5db3399ac3d905cd74a386e5bfab5c8be5bb88`
CRC32	`FC4D1D53`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eeae0ccd5666cd48_~DF984FE9C54E923E1B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF984FE9C54E923E1B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e06e82c9ae20f0fefffea640ea64c35d`
SHA1	`2fb7a73eb07c33444ca48cd5867a96a6bb905938`
SHA256	`eeae0ccd5666cd48c2f75e651ebf2883318225410de64178b589ec11e29c8ac2`
CRC32	`852957C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1aaffed046ef4eb4_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{7723B3EA-D1C9-4dec-A024-176C96A8CD60}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`743d3d3d57c0ea0e76a8db7bfb5bef48`
SHA1	`ef4244ccfd78728ba80760bb3de7814e60336d0e`
SHA256	`1aaffed046ef4eb48134b7393228b5a6673edda53abf858db946789bdaf255d5`
CRC32	`6E537FF9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1ece964ab54945e1_~DF2848BC3391EBCD12.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2848BC3391EBCD12.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9caf81fbabb5cbe9cffc135962463b40`
SHA1	`e6a8c9fa382c7ce21d2bf62fe9c609abe0c9f133`
SHA256	`1ece964ab54945e177ea2bfcb7f0b28c2697cf52c40e25f5702fbc00596f89fe`
CRC32	`53D84111`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	17408fb6453fb100_~DF938D0B30407009E0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF938D0B30407009E0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`98917910e5a64d166e270a4bf3d06ccc`
SHA1	`d94b221aeeb3cce668173c7383807959121ba97d`
SHA256	`17408fb6453fb1009f43287a883c20bb969101fc598af647c2f75238d2efcb00`
CRC32	`83F9A3DF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e2dedba5af8b9b23_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d1fa93d57610b83019ff67076ad683a4`
SHA1	`0ca7bd3f23eeafbc3843c6ee30b9d9b74e7c1c81`
SHA256	`e2dedba5af8b9b2360026ae4fcc3b21df4a1e01c86fbba5c36909c9f8e3f0fe9`
CRC32	`ECCCB474`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a3bc2fbf0f0c37c_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\America\Kentucky\backup.exe
Size	40.4KB
Processes	8868 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7c06e2777cfb5ff44f343542bd91bf2f`
SHA1	`5c81fd2b2c3145189d92de4d08422c236c4b9c6e`
SHA256	`2a3bc2fbf0f0c37c4cbd561853bbc225e1c3be2fa7bcdc0e9d0ab301d43bc4b2`
CRC32	`A412D799`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3f84c472c56e3f9_~DF6EBCE1F7BAF7514A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6EBCE1F7BAF7514A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fc3919f758bdaa86e7bfe278382fd13d`
SHA1	`9a80aa477772b4208ca7ee8091049675481ae79b`
SHA256	`f3f84c472c56e3f9790885d00bf2a357c2d7584b9cfc7b89dedac84e71e7d440`
CRC32	`A8B7446C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	801d5d227871bfc6_~DFB39050E5AED93623.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB39050E5AED93623.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7ff7261415a428dcd80170c66dfa6d65`
SHA1	`a8e666e95fdef4fc24fc32ca01f2c966501c5e40`
SHA256	`801d5d227871bfc68f0c7e5635db11c3edc390fa54b1ef8c132bdc6bb00faf99`
CRC32	`5DEE210F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	125966d7a4ee0d88_~DFE16EA5FF5913978A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE16EA5FF5913978A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ac2ffe16e1d6830a32cc2591384035d9`
SHA1	`17005ab8777de872d72cb96fe1f9a3c8aba29a43`
SHA256	`125966d7a4ee0d88c20890364ac0781c22153b6a1bf79da7a7c4e0331facdbc4`
CRC32	`EC2534E2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f70445acadc8193_~DF0FEF47EB094C4E19.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0FEF47EB094C4E19.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15d266ee86e9ccdd08f3f147d1745fd1`
SHA1	`c1b3f4707419820c4b3e81432fb99d947f41f5bd`
SHA256	`8f70445acadc81935b2c19151684f01b22750b4725ee8602a9662fe0b78b5dcc`
CRC32	`DEE5162C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d33ffabea768277d_backup.exe
Filepath	C:\Program Files (x86)\Windows Media Player\zh-CN\backup.exe
Size	40.4KB
Processes	10248 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4594c7f01d74c6f6107eb25848d797b7`
SHA1	`c8fd05feb07061227c5ba16f3a9be93c6ad7bdbe`
SHA256	`d33ffabea768277d21dc954e99a61a5ae3ccbaa327e76ca37659a81220d15294`
CRC32	`56C644A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a74a0d29e92aca80_~DF3E0C444FE707557F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3E0C444FE707557F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1b88c86781a4aab132d22b57b3b275b5`
SHA1	`5ce1fb5bd269b3065c5a7e07b9c64973d77fd232`
SHA256	`a74a0d29e92aca80a37411c414249d43a0d7f73c19e8197827d8e88d1fd24bf4`
CRC32	`92911D87`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1e6f6a67daba6349_~DF6B43D088E4EDFB41.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6B43D088E4EDFB41.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0335a4e5b82f4177353c7ab067bdc714`
SHA1	`3c680a67b267230f1062e969d909b94d38c1c8b0`
SHA256	`1e6f6a67daba6349249dfd69cfc6c428f4e4a28285795e65032f9c6f73d8a1ea`
CRC32	`0A9366AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	acd9083ba0dc4bb7_~DF7DA3CB98DA254791.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7DA3CB98DA254791.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d147279c296a48ab324b12ab36889be7`
SHA1	`9eb9681b9110d6173af2d69b6a4ff4f6f73ce627`
SHA256	`acd9083ba0dc4bb7f40c359eb680bbd73d6cd23a71e76e95fe9dd12c1609ad31`
CRC32	`BECC6435`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	34b89fc139d72e71_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe
Size	40.4KB
Processes	6016 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b0b080b5606fd5c1f608106478a691ba`
SHA1	`fe594453d421d3a043e882de2332aac33f8a7108`
SHA256	`34b89fc139d72e71b60725bad12e44d022690b7bb66c9cfaf8e322cf6b7dfbac`
CRC32	`C2F1F939`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b33249dd9dd6f892_backup.exe
Filepath	C:\Python27\tcl\tcl8\8.4\backup.exe
Size	40.4KB
Processes	8436 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`351482f5da4c7bd652bbc0dbfc01ce96`
SHA1	`22297f7cc5dbfee3fe7bebd3d35b215fcf3d65aa`
SHA256	`b33249dd9dd6f892109a1fb33263638532924fa3a8447d9efd2f7ef759607364`
CRC32	`B8D5DFDB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	63fc02e6f153a36d_~DF3C9623589E36F2E8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3C9623589E36F2E8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a2af97dd246b32b554a34ebf8dbcaf76`
SHA1	`e6c0dfbf1ca3412fbbab02cfe834d711c2a8ef7e`
SHA256	`63fc02e6f153a36d239f31d9c83b04e23f8f005063d0eaea5a38699b94e43df1`
CRC32	`F2E60E4B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3cba435f78449ba0_backup.exe
Filepath	C:\Program Files\DVD Maker\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f45e33d3f745535c0e0c29c560d175ff`
SHA1	`a594d101fa10828d7f7a3bb605d5c07d21fe861f`
SHA256	`3cba435f78449ba0c74eaa35d3cd793be322c3bd5b00d2a3880ca0e9faa461de`
CRC32	`1C6116F2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3451c815f5a0e02_~DF31DB6B4B4E81910B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF31DB6B4B4E81910B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1f6b152f6f4ad90f532d5528069cb6d1`
SHA1	`a5294b0b7468220222a514c6e3cd851e4ecf46e0`
SHA256	`f3451c815f5a0e029e42c9ed08eee65753ccbfa3eaf9cb1f0755aba1bf1b47e3`
CRC32	`1593494C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b521529b93537936_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\backup.exe
Size	40.4KB
Processes	3300 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d010791b0a08be9272707cff4e0dad88`
SHA1	`0a3a3b5e8702100328e979b94b1524fabbbd1674`
SHA256	`b521529b93537936322cf70e39c394cc88339f2e2a3b7d35153ce7bf5b30c149`
CRC32	`56FAF646`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	055721194dbd252d_~DF796C72477A51E0B7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF796C72477A51E0B7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cc44705fca6972f7607bb9a9eeb1b8c6`
SHA1	`401bc34d68fc79a1349ef4eb0c71c8c7a9376356`
SHA256	`055721194dbd252df94b60fdf3c1529322f2ee1b6c17515a8fe5a0981da043c0`
CRC32	`6405E1E8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d646591389134a7_~DF199232B974E94FB6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF199232B974E94FB6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a05071638d8511d3b996914d3df56eec`
SHA1	`32eac1fbb2a3b75f7b821de0e499cee95a7d84fe`
SHA256	`0d646591389134a7d2286751e6d8eab7611e3b5f76da99ad9927e9f5adeb1f22`
CRC32	`CB32EB7C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ec56998d7da34013_~DF5390E51F943ED167.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5390E51F943ED167.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f706c6d3690a3a35076c81abadc043fe`
SHA1	`cd59d781f57b9037e9c5124a534a8f9efc724282`
SHA256	`ec56998d7da340139885f666768cc1f99dad085da35bc844b771dd9337dcbb52`
CRC32	`F3EC80E3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c2bd6d975bc08ea6_~DF218820B4E84CA13F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF218820B4E84CA13F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0b44a6f539d50a72aa1afba65958328a`
SHA1	`364b5fe87cee01850dad299fb788c1d580c2b7eb`
SHA256	`c2bd6d975bc08ea61fe6e3c8d487bfa3d76ff6f98535f53cc97c380d5bc1c738`
CRC32	`A9964CF8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d5538d9c3d69b50_~DF17A9F8B9E35754BB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF17A9F8B9E35754BB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`54a933fcf9af5a918f3fa019c83b983e`
SHA1	`708eb79a7dcde9c60bd4dc5cd37f28121ca58d1f`
SHA256	`3d5538d9c3d69b50e8325539847defeeaeda02f645fb349540204a6322077dcc`
CRC32	`15C42E0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5796f42832a38cd6_backup.exe
Filepath	C:\Program Files\Common Files\Services\backup.exe
Size	40.4KB
Processes	816 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1de407f3ff34ffd415556f14c94a5518`
SHA1	`1e0d44682895ac297ebd514ef3d31a9c96b953a7`
SHA256	`5796f42832a38cd6e3f179fe5679860682e332ad20e2b13d8ce2180d141218ba`
CRC32	`32AC4466`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e2772035a5b2ac5_system restore.exe
Filepath	C:\Python27\Lib\pydoc_data\System Restore.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e6b8b98dca68931e7bb083db6d85b5ee`
SHA1	`7e3d32e7d0b8e31f5ee4845c5deccba32a71eaf4`
SHA256	`5e2772035a5b2ac5975f51422cd5cd5efe350f8ea75fa38d101851bfb5f1e22a`
CRC32	`0311DD73`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	76fdedc126a59b26_~DF1ED97B2AC03B24E7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1ED97B2AC03B24E7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32be046d78ec1937e95547f60dfe0309`
SHA1	`6c4228a80b012d0bebe8072ff338cd85945feb27`
SHA256	`76fdedc126a59b2616d1257d3f3e2136dbf3c68eafec6b69e141f432257dc060`
CRC32	`4082779A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37fa2cd4fe4e72ee_~DFE83F9CC5C91F33A6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE83F9CC5C91F33A6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`918b295d5476d44b2ac4f857bd9d8ae0`
SHA1	`c3db138b023cedcb053fe7bb5363bf210f96a114`
SHA256	`37fa2cd4fe4e72ee0ae3becc229f03b5cb12a516490bb182e3942e85e3406d21`
CRC32	`2084443D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccc4d9edb0f5c592_~DF1707C98C2061AFE5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1707C98C2061AFE5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0802cb14035da6a418206e2f3b6164bc`
SHA1	`2c1e7ab7a3d56f60e246076cbc2816b354213944`
SHA256	`ccc4d9edb0f5c59254cab91cdf2a538aa94fb368dd3ccc779111aa5eff5e637b`
CRC32	`365BC148`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	db6f232326428c33_backup.exe
Filepath	C:\Python27\tcl\tix8.4.3\demos\samples\backup.exe
Size	40.4KB
Processes	11192 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`68707507bcfb1d454895ee72172a3976`
SHA1	`7e6245b30854403628f82671f7741871d34ce025`
SHA256	`db6f232326428c33192bbc50e1a10b1094b2415f5be2471579177870aa05ada9`
CRC32	`0D69F694`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f9db2bb9675168aa_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe
Size	40.4KB
Processes	9060 (backup.exe) 3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`67bf19950d4a5e2975bd9f454260ffb7`
SHA1	`4f71ba8a67460396e0bbb37134d0b527bda67b76`
SHA256	`f9db2bb9675168aaad041da79172a79a817ecb030dc01adb4610ad41b0f20f6b`
CRC32	`7B1E6DFC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ec2d6e268a9e1885_~DF13F9A90E19C9BEE7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF13F9A90E19C9BEE7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ca14596906aa68d6e7f22e74824317ca`
SHA1	`08f10743eac51bb5e3a798017c8126444c9e87d4`
SHA256	`ec2d6e268a9e1885fa7c457ef6d76b29faf5aee3184afbca5f974f62e94565e3`
CRC32	`F23503A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3c8d79461575de5f_~DFAF6F215D7509BBC8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAF6F215D7509BBC8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ece6634569872fdabc746e6cbd28ffe`
SHA1	`7f382e22d04db8834bd534263f0d98674af363fc`
SHA256	`3c8d79461575de5f371c0b05873c26c6405df0b17b4f133b5bcb60ad7dab3218`
CRC32	`47A1699E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	729014026cdf9159_~DFD5BA6DD47892A25E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD5BA6DD47892A25E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b3b6b6fe399f920eec13ebb630519c96`
SHA1	`fe6f31810ce63906982d06c12f0dd508da0a83f4`
SHA256	`729014026cdf91595a00ec1fefed7ee62cadb0347c013d8e7760a2d8f329c24b`
CRC32	`87F6309F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab64e3d60180a55b_~DF60B6AA4740F2D2E0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF60B6AA4740F2D2E0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7b015a69b13863acc357af7f4e6373d7`
SHA1	`84e43b413a426558c81aa3289d39408f84789d3d`
SHA256	`ab64e3d60180a55ba7faa84598b71980269caac9a992747fbcacbaf0dbf8d4ea`
CRC32	`1CB5EA2C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dbe2c48abb9fd9ef_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\backup.exe
Size	40.4KB
Processes	13292 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e2f2d468246e245bbd25243401c58255`
SHA1	`c37bf933ec65191819fb29a74f8370937d57269f`
SHA256	`dbe2c48abb9fd9ef072aeaf8663453a8591e258856f4f3cdc7df88f09865ca24`
CRC32	`F97438E0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02e7c408456e08b3_~DF82AB3D1391CF13F3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF82AB3D1391CF13F3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da8937f8b9b120c53cb0a8c9c92e2280`
SHA1	`55748438affec49084588bb328b1c17333eb9f80`
SHA256	`02e7c408456e08b3c40f11c56f23e72877366a9b0e2b2e4401e19e748202eaf9`
CRC32	`CE453BB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c2db0eae9660e05_~DF0156260ADE585A83.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0156260ADE585A83.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a5c374ae914a83f409ef705cba4da717`
SHA1	`684a2e80c6a4673291afd3783f9004ca8d8658f4`
SHA256	`6c2db0eae9660e055987cdfaee6f95ae01e52990f5fb43372e603ee19e57ebb1`
CRC32	`FD5DA0BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6220e3f813d100fa_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\backup.exe
Size	40.4KB
Processes	10836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`32bbec28498399ad174486d56cfe2dab`
SHA1	`c053ee56b2a959b654256e61356df63a999dab72`
SHA256	`6220e3f813d100fa76567f41d59f98d8ba9430c0703849142568fdf6376b7a47`
CRC32	`C6B8384F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	872849e9ebebc174_backup.exe
Filepath	C:\Program Files\Windows Defender\zh-CN\backup.exe
Size	40.4KB
Processes	5840 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`040c5897395afccd96a0bf47281aed19`
SHA1	`648bb8e7f4defd05ec6c605e2bd64d236c5618f3`
SHA256	`872849e9ebebc174426dfe5f4ede2e71430456874e580fe955a748e43d230000`
CRC32	`3EAA72A4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	484bdf5f7b09d6b3_backup.exe
Filepath	C:\Program Files (x86)\Common Files\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8a588de497964418e123d626380b7abd`
SHA1	`25bbe568e9252a17cdb69819828eba230fa0b39d`
SHA256	`484bdf5f7b09d6b39ad0d7717c2c0146bad93d4c4dcf3662a9b07e9c8c7c89fc`
CRC32	`C4CE0CEA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	46d51001a5a65cd7_~DF47B00B3B94454A4D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF47B00B3B94454A4D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`beb305e6ab994f3bb566bd3d321c0a67`
SHA1	`b99741d3967d8df2ec67340662de192c15cc96df`
SHA256	`46d51001a5a65cd79fed0894635807e8e67f92a7f765e75eb91bc941a54f7d0c`
CRC32	`DF50BAC9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5d94e13909676743_~DF05E02DA98D44A5D4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF05E02DA98D44A5D4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`33009953a46df41362264e8b1e0f4141`
SHA1	`3b51d6887b24437fe3cba66886baa8496318a4d7`
SHA256	`5d94e13909676743cc8600bfc4a8c31beb892b561999f397fc59bd69a54ee14e`
CRC32	`2FEBFC61`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4179c73491f259fd_~DF3AAFD7CC12B6BA9D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3AAFD7CC12B6BA9D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a601e27ef3c30ae579074cc5d0bd5603`
SHA1	`c8bd464838564c5aac0386f74768388170de6ee6`
SHA256	`4179c73491f259fd30ad136b72e7ae0e5e24a1de0b7ab9183a4b2f00105259b7`
CRC32	`40E8ED0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	00dcbda7deed53d0_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe
Size	40.4KB
Processes	3976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`11a14c47c85493dd7698eef4af223539`
SHA1	`d5a85ddc7fa3f4cf4fb8643fd680ee6114b74a18`
SHA256	`00dcbda7deed53d0b83d12e2ea0a02457068d9991f344fe79f106eeb2460d559`
CRC32	`17DB5A91`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c2d81015e2df1ab4_data.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\data.exe
Size	40.4KB
Processes	4272 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`86b1fdb12fbcfa563e33dadc036f3a69`
SHA1	`bc62c300ef5b66e166748720c331503be8d36ec8`
SHA256	`c2d81015e2df1ab49fb9362c049f5fb89f120e0f8d2cbf7cc962ed1f1e76eb84`
CRC32	`E36324B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2d8e8dc6bb5e3273_update.exe
Filepath	C:\Program Files\DVD Maker\zh-CN\update.exe
Size	40.4KB
Processes	3120 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8d14b93e91841a0a2809104323a08972`
SHA1	`48fee6d57f92e8e49450f05a3082679c07becbdb`
SHA256	`2d8e8dc6bb5e32737ba3059944e86897b94464b1e80d8caa13984d4a00dcd013`
CRC32	`B233CC45`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52f9dd60e658d18b_backup.exe
Filepath	C:\Windows\Branding\backup.exe
Size	40.4KB
Processes	9424 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`590cf0a04fdf79fe1662f6d042318a28`
SHA1	`3174a5c1b0ad487be09e804df8f3b971521e2707`
SHA256	`52f9dd60e658d18b8f77bf1d1f0ed2472f8e776c10cc982a402eed6d34b16208`
CRC32	`505BDF8F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	03d4a7ef0a37b639_~DF876CA8179928BB3C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF876CA8179928BB3C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`800c36a1eb8c30f0e7679926325f844b`
SHA1	`6e8f3e245d2fe46f10b5494060a44bdbf68bc5c0`
SHA256	`03d4a7ef0a37b639fb5ec2e1c29355a4d04c5b1cb4b4c2d90a2c60857c96585a`
CRC32	`10B3EB8B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c5ccc0dfb6b0f3f3_~DFCFBE29BB22A3BCE0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCFBE29BB22A3BCE0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`daba063440296180cf03f13486c60184`
SHA1	`a4fa20cbebf351b4212201c6c54f514529f6bb99`
SHA256	`c5ccc0dfb6b0f3f3f53f13a74c7b456b1f3c843bcc19afd6b8ec30488b8de3f3`
CRC32	`F5C8C44A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	92e59aa322257142_backup.exe
Filepath	C:\Python27\Lib\lib2to3\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`08a8fbabe497ff4d14918d2cc4289836`
SHA1	`6b72912d9da20e887ec39af5e3fadebf60167df6`
SHA256	`92e59aa322257142b1e6e2948a0117ed01921cd857a30cf351307433c0400549`
CRC32	`94C304FB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2ce55f4fa266dd15_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1adc483a06002b694c0f362558cd5d5c`
SHA1	`8d40f78cdc6777d2f7e2bd8f2e601138faf165c9`
SHA256	`2ce55f4fa266dd15dcc0ebac9323685fb45d7fa0e8f78e71a4827d33a7117019`
CRC32	`1D6B2F03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12dfa8dcd2950b5f_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\rPtKdCfNjXbIuTxD\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6a1510c4d7def918d74702d0947b4cf1`
SHA1	`0e0e91d1c176514468230492e61d9b325ee5bb2a`
SHA256	`12dfa8dcd2950b5ffb2dff8701a1a69e05e46d62a35c4061ae38af86fc4b9e74`
CRC32	`B2857236`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02502320094f35ed_backup.exe
Filepath	C:\Python27\tcl\dde1.3\backup.exe
Size	40.4KB
Processes	7400 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d0edf72d802640d2607038fd2d8f86ae`
SHA1	`aedddb022f9df1067f647956284126b95113e2ae`
SHA256	`02502320094f35ed39d7f2e6be91b88f8533ccb3e88dd549d42e904cd5388a21`
CRC32	`5B8DFA07`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	613b28dbb93e2757_~DF9BEBB79C66257A49.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9BEBB79C66257A49.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`006259b0aa9837cc0e78b44f0d6f002d`
SHA1	`c3ce0613856eb08cdf1bf73d459b9a6d56981a24`
SHA256	`613b28dbb93e275783a44138238fa7ae2848f0452a0728d437fce3dedc9eb992`
CRC32	`7154AE11`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	123843759e33db7c_~DF76E38039F017EBD9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF76E38039F017EBD9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0114ff2e48da06b7fac5528011ef6f34`
SHA1	`88309fa653a6c0ee471776fc4aac5821aa211088`
SHA256	`123843759e33db7cccd216c4b4dd9dc8e26182269df94d2522d99395cbf1b9b6`
CRC32	`42E09E91`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	25b2b7d715349038_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
Size	40.4KB
Processes	2980 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`466fd30f38d79b02cf9f33a359d4db98`
SHA1	`19567363ee2825aea3533800c7b32238edc74e81`
SHA256	`25b2b7d715349038703fd7bed6a47f67eeea96357f954b24c9a1dd951949bf8a`
CRC32	`43F39644`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a24e85c4d520dfec_~DF0427C6CD35625A3B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0427C6CD35625A3B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`55c156746edf6794f13be0a3449c2587`
SHA1	`2893d4f4908dadcb4732ed05877497f436e9d71e`
SHA256	`a24e85c4d520dfecf08c13f02dfa4d3705020406854a43d70a8584a7c4204144`
CRC32	`F14E2A3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	176ee331f057155d_~DFE208227AB331E617.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE208227AB331E617.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a25cead60006ddef8ddeda87e3e63045`
SHA1	`179ea4768bf62f25b853756534b8e44d35d2cd28`
SHA256	`176ee331f057155defb1721ca6461e7263220dd0441f60247986b15009da3081`
CRC32	`531234B5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c38d93142579d08a_backup.exe
Filepath	C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe
Size	40.4KB
Processes	4508 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`649743e30db7a5c2b4a2bfb5537ada71`
SHA1	`6341e71f669dd2aeff4fdbc5e4bba27287b2cd5b`
SHA256	`c38d93142579d08a497f6f6535a58eb5d1f2c18db726edfd62b9a76fa0bcc895`
CRC32	`44A8A337`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	95db6cea4dbbe851_~DFFD9ECEA71BDDAC7E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFD9ECEA71BDDAC7E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`04e709d7106f89a0c5d6c5bf1b8f20f6`
SHA1	`d1e2e32484d6f2cdb50056466aef97f6067d5fe8`
SHA256	`95db6cea4dbbe851e7543421078d7c2d089204c4caeeb00869cdf222d2ed85ee`
CRC32	`1CF07B0E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1d66491f9db6a446_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\backup.exe
Size	40.4KB
Processes	9912 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`14fe6634acf22cf7e9638766567a78b7`
SHA1	`c37ff389bc17b963f3c311f684e8fcf6c1e1bdfe`
SHA256	`1d66491f9db6a44626e63e0a5fdf610218d008a7290f17e1cef23d716a31be57`
CRC32	`5CCAD1F7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	629ce57bffd5377a_~DF0862688A0AB8EDA6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0862688A0AB8EDA6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`94ee0b22dd7eb7f8291f45d6215e495b`
SHA1	`87502e7bd2f0b49e33065e2b2ee99464a276d266`
SHA256	`629ce57bffd5377ad906e43455d6228af4b7231506e3c76c32556005b69036dd`
CRC32	`61990A2E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	292ca95c1ef7c985_~DF9E12C25ED08A35B2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9E12C25ED08A35B2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1917e34651629044aac873aebf4859a2`
SHA1	`3923f6da9b9250de9c175ad14e2f4888da7a1fd0`
SHA256	`292ca95c1ef7c98513b62e8b91f5d60efc7d9f6234d7eb144621098fe6ad79b0`
CRC32	`AD7A3C9D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f38d54d43b11155_~DF049BE7C2CCF380C2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF049BE7C2CCF380C2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d36b6416ffeaff186b738b82a53db5eb`
SHA1	`c6e02c822d3090456d40a0c97f3a4a92bb06b8fb`
SHA256	`7f38d54d43b111554c2193c83312aac557a00be1179bde56fac3e3909168c17e`
CRC32	`09A08CF4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8739c76e681f9009_temp.zip~RF4f8e16.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\temp.zip~RF4f8e16.TMP
Size	22.0B
Type	Zip archive data (empty)
MD5	`76cdb2bad9582d23c1f6f4d868218d6c`
SHA1	`b04f3ee8f5e43fa3b162981b50bb72fe1acabb33`
SHA256	`8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85`
CRC32	`D7CBC50E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2742c7de234d6bbb_~DF92E0B8C67888A0DA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF92E0B8C67888A0DA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f86ac764fcf1cb3fe3ba364637f784c9`
SHA1	`507ad75a39f946107c1b0bda3aa36a482980ece9`
SHA256	`2742c7de234d6bbb8e9c816ec77289fa343c276ee69280f443b50ab0046f20dd`
CRC32	`7B52009E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0da733e1eb508150_~DFBEED47C9666C4148.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBEED47C9666C4148.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9a3fd9e53d4cc89e68e3ccc4d779ec52`
SHA1	`7a55eb353bcd67530058d0480b497803445f0c88`
SHA256	`0da733e1eb5081501cae81b1a7ca1f3078b4de90de38250f40b4663cab8ab928`
CRC32	`4FC2FDE3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	298b4035708a251b_~DF7B5A5A53AC9929D3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7B5A5A53AC9929D3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e539b30e0a47c0d276cf84b60ad30ced`
SHA1	`11377f26d229d0462e84364517a0588f409b6235`
SHA256	`298b4035708a251b6212c644b25c877d6e101c5971d39135c85f92188f775161`
CRC32	`6A1B22B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bab0f49856cb0d82_~DF442C09299EB478ED.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF442C09299EB478ED.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c5876a2a12220465090bb2eec90e9d66`
SHA1	`8beeefbdf1321d4c852e9622b2101cb57726cc15`
SHA256	`bab0f49856cb0d82cfce9e4eb2adafd9174758a454d66bf53955b11956255dc0`
CRC32	`C0BB3D88`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bcb2f51a4ace1d26_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2cc468652a05a04c0e99fdc5f2175ffc`
SHA1	`f5d9d958156dad2b47f3cbc8f6283255b6f838fa`
SHA256	`bcb2f51a4ace1d262cb0c2f42a08653d0d5bff404c2228a04651d4c8f91c3d2b`
CRC32	`E2173C46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ee2c1f757548c484_~DF5DE2A751790053A9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5DE2A751790053A9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`81d4edf124bec7ce641938f98bcc4c75`
SHA1	`bd5c1e8412b594ae08a67283d21949ee29f7102e`
SHA256	`ee2c1f757548c484e2c70e9521eed481c8f3bb455b8a724b7c625becd36c8a32`
CRC32	`BD7F3AFE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e4b5f893e4243c9b_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\browser\VisualElements\backup.exe
Size	40.4KB
Processes	8164 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`deb3a0cb6d90a6295176da6c937b34dd`
SHA1	`f28b01505dd0d2e753d6e7c2d8529c97b42e59d0`
SHA256	`e4b5f893e4243c9be2a049ab60ff2c2d87a05265c60e5e93650f210232f4ee65`
CRC32	`8F6CF5AF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9db519e20f4e7175_~DFF581D462368C9C10.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF581D462368C9C10.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0d0bce9c844d394ea1d0517cd1d31df6`
SHA1	`b8e8d8c14cd37f14910680d54aeca83d5caaade3`
SHA256	`9db519e20f4e71750d9c0ae7344927d4776c8d2612799d0c97cf06ce749e1ddb`
CRC32	`63B3E86D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5628ae65420f770a_~DF87507D669FBF1D40.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF87507D669FBF1D40.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`eee5f5bd86b5d43ecb58de970eb44cfd`
SHA1	`0ad911c44538b454f1de226f7fd4e025a69f6230`
SHA256	`5628ae65420f770adbca9526d8735c75363ce0950ffeb542419fb000659de9ec`
CRC32	`51AAC8F7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	abac8c3b7045078e_~DF2D9BBAFFE567E105.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2D9BBAFFE567E105.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3ad01a7a1cbe9d0ba494a92b76f393a3`
SHA1	`8cf5dae2c8d84eeefd25dd669701ebbc24ba8df6`
SHA256	`abac8c3b7045078e76ef896a6c4a00afbcab6c74bf5effdfc9f2a9d694322c3e`
CRC32	`87E24984`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ef513fa802aa401d_~DFA84C9512FE21D773.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA84C9512FE21D773.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`95ef9d3155b78be94a75cbc7282d8de4`
SHA1	`187715ae08852792f396a9178dca8fbca4a24058`
SHA256	`ef513fa802aa401dc892cd72442154e3f928e6c7a35117a724bfffeb9184dfaa`
CRC32	`A5B8D3B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	596f383a07dede6b_~DF6D27B0DA22EE86EC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6D27B0DA22EE86EC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2ea5a9915af183914833f2b32d445ab7`
SHA1	`9114c5d76349c9599cb3606119f61d8399be0d55`
SHA256	`596f383a07dede6b796de991b924da3085ba2ea15e75ef99c32d8e6b8263210e`
CRC32	`6C1D870B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	578c6f2f7996afb3_~DF34A304E90835EFCE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF34A304E90835EFCE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`74a42808de15b4490398d224a2a2c33d`
SHA1	`ebb57b8a4407eaee77f524273216d2a2f40009c9`
SHA256	`578c6f2f7996afb3d83c05127e0a0e096d105629709b6cebff382ff340af9834`
CRC32	`E4BBC48A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	de5227fe80588da6_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\drvmgr\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`efb84b661823728a7a6ad356d73f267e`
SHA1	`97361076f12de26c8b4b4df78c3485cc918fa0ff`
SHA256	`de5227fe80588da6c7aa0b1ed82b8c783f30a7a67c5d3dcd86cc0a1ad43f8b0f`
CRC32	`7489AB84`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c0f12b28131a0cc4_~DF8646300BC70054AD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8646300BC70054AD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`93d689dc55d34c022a3b4be03a57ccea`
SHA1	`96bd147b113a72e18fa791dfa343a40c15cdf305`
SHA256	`c0f12b28131a0cc4dacf9e243902110d64ab429698989d3a28a29f1d18d292ac`
CRC32	`4F35B26E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	602c314de6c7b577_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\js\backup.exe
Size	40.4KB
Processes	12024 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ca9fee6354257c5bf5c31996de36cb97`
SHA1	`024f6f28cebd9363efcfdcdc6192b18bfd38c5e2`
SHA256	`602c314de6c7b5773ecfe25250a4fb39d7aaa414a5a41e6be1aea19921831449`
CRC32	`9A847ECD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	250b964cfb294ec2_~DF0FE0B25AD5E9AF20.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0FE0B25AD5E9AF20.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`576cda0525cf17cf79b8cfe2d9d78122`
SHA1	`0242b63cb018eb2548cae512073fcdd9bcb69958`
SHA256	`250b964cfb294ec2beb3e7541282d067c8fb0c46f277fffa4bfe924dffe7c8f8`
CRC32	`67701E20`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a9abbba51e8c8ada_~DF6F1B81A37A186EF6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6F1B81A37A186EF6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d83f9d7786da7869fde9d240b12ee817`
SHA1	`944f8a52f95799b9174b92cedaacbfaa7c07b9f5`
SHA256	`a9abbba51e8c8ada4281ca02cd89a369fe89c048f5bf1b3cf4f74031f20c1e61`
CRC32	`9BDE59F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5316e2acec3f914_~DF4825B7E2118BBBBC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4825B7E2118BBBBC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a10f34aebad35e2a4f0925c5f76b9e5`
SHA1	`c262c5c684d7884149c35587776dd1f16cea16db`
SHA256	`d5316e2acec3f914c290cf4f13a6ddd6eb1231af3ab14fef41942d892ee0d6b1`
CRC32	`64C6598B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	07c0ee696408cd98_~DF66AF945D24AC649A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF66AF945D24AC649A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2b36828bed473b90e871c261426c5fd6`
SHA1	`698a1723df9351b286290139431604feb20d9904`
SHA256	`07c0ee696408cd983c600d6650ff3274d0abbb1eedd7689a03e71bfc89727e2d`
CRC32	`912AA98A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	292f180b2a1f00e3_~DF9910251E1BB2B906.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9910251E1BB2B906.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b6af0bb13855b5da006f50135bb2de78`
SHA1	`e87c5cd66e27f9ec99a39f6d20627274f9833da2`
SHA256	`292f180b2a1f00e3bb44f9316400fcaa8cad9193d9f9f1a87a16ba62dc8b0c17`
CRC32	`D09E8F3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06e2ef63a298977c_~DF7134F43945C86290.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7134F43945C86290.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1f5c4dd35009823b7908adb4d58ac5cb`
SHA1	`5cc4817c0c24eddde6d5349979efbfe41e3320fb`
SHA256	`06e2ef63a298977c37cfdfb6cfe875ca52c6a7ef976d2c65e4e3a2f35a2dca10`
CRC32	`672DB962`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d811ba69c369a3f9_~DF152382C87440E171.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF152382C87440E171.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0698912db7a417ae70fcdb610365dd9d`
SHA1	`2cf0da67e08509481f33b1e9e2e8f423a9d3b77d`
SHA256	`d811ba69c369a3f9d95a670dad8fbd6e1f4ab090fa17dba77381450935d5306b`
CRC32	`21D99470`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	efee6c16d058828a_~DFFCD744112726F817.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFCD744112726F817.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3c960fb3fa937e000ceb2c852c7474e8`
SHA1	`2ead012e207505986f492e5c688a2ff60e795ce2`
SHA256	`efee6c16d058828a9d9d986fb56bad51a0967066c062087dbe965481e4b07fd3`
CRC32	`E23F9EE8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9416cb6875408f5_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\Log\backup.exe
Size	40.4KB
Processes	3772 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`39d57ee595b4f589f5fc5889948bec60`
SHA1	`6f5d953b4b275ea87b54b56da51b2541bd2c7bd8`
SHA256	`b9416cb6875408f512a558f4d6ba47ae33b320367747bf57abdccd3e1e1781ea`
CRC32	`F6FBA7DA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	10e36c0987b9ee3e_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe
Size	40.4KB
Processes	3976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`290dab0f61fdff4f343810445684f240`
SHA1	`e0f5dc1d9051dcc447a8f064416a90ef0ccf14af`
SHA256	`10e36c0987b9ee3e8ae459f6b8c706f9ef0c780382195ed318196eb18d1b76b8`
CRC32	`F0637796`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8611de038f4ba184_~DF7030B1B0BE35E144.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7030B1B0BE35E144.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8a16cad7a3b6006a59c102cefbdfca78`
SHA1	`9e8399316444ae4ede6625515bb33d74bb37ee62`
SHA256	`8611de038f4ba184f1e528cbd6b30383a72cc73884e56b41839e958b4e42fb5c`
CRC32	`115ACF36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7916935c9ed9371e_~DFEB7C853AA2A15FA5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEB7C853AA2A15FA5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8a135b7b659413a76416da3108d76cec`
SHA1	`30e9240796edce10a07a83bea0d47f055024e814`
SHA256	`7916935c9ed9371e8d22c9b4c0bd10b9fca3410e389bcf16c2f070ab1ab7b5a8`
CRC32	`501010C3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a014aa7862db7e1d_~DF10A60BFCF1A269BF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF10A60BFCF1A269BF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fab919ccd4db92e4ed25121a86911764`
SHA1	`31388747b0acac0b6cd92dab35331f3cc1ab15d5`
SHA256	`a014aa7862db7e1d261fcba7c6a64f8689a42c21b412f1442c24ae202770f19f`
CRC32	`178BD794`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a3a57732e9a324d2_system restore.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{D0BE5024-B2C9-4283-A654-CF5C0A8AD3AC}\System Restore.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`898d28733ee41c549e848be334f5794e`
SHA1	`7cfdc2642a04cc78cc138509fe25b051ba5ab5cb`
SHA256	`a3a57732e9a324d29f828fdc0aa7e6e1d2a1710564ac01b5ddb2d950a9d41776`
CRC32	`10E20344`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fe403739eb2c0e9e_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\backup.exe
Size	40.4KB
Processes	9948 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ccf687f265ea6d381fc6e41a1e771c6b`
SHA1	`836bc7dca0077f77384a496f0b356c9b0cde81d5`
SHA256	`fe403739eb2c0e9e2fdbaad58da107c35feda348d1e05b84524d7192cec1f40c`
CRC32	`642BC484`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d2b89b162f4c484e_~DF10ED97FFD1414F70.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF10ED97FFD1414F70.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`10cfbbfde1f3692e965d2f6f57e6852e`
SHA1	`e8e10ac96ab5bcf296becad400be7b4eefd840bf`
SHA256	`d2b89b162f4c484eb3dd054791137c4ea0b16c313d9b39342f3324f2268f261d`
CRC32	`A4C06D8F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1ae09d7209297d4e_backup.exe
Filepath	C:\Users\tu\Desktop\backup.exe
Size	40.4KB
Processes	10888 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c648b3ab82c5e6473d8d7c933e05d026`
SHA1	`1c06a31aafd068bb0795f4bb146a291fcf22df91`
SHA256	`1ae09d7209297d4e454335e95d6911308be1403340dddfc465657c7df8810847`
CRC32	`EF568713`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62f888c2a8a93c38_data.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\Low\data.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c80fd5a14c09dbbef492bae541633045`
SHA1	`72e7ddad8ded6d998d092a7954f3f11c9f205387`
SHA256	`62f888c2a8a93c38360061c34af205618fa6bed7ceb783a10383722021e8515a`
CRC32	`7D3FE7AF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6794f47dc6477eab_~DF7411D61A55372C58.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7411D61A55372C58.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5f6846106a5b65fa9702b201ade450e6`
SHA1	`4c954c1b761d0d32563c692915baa4e50d6b37d8`
SHA256	`6794f47dc6477eabb8edaa9eed2580f00a2b40ebc4ab02fa655e694542158de9`
CRC32	`7ACCABA5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d72d2a2a48a95617_~DF4C898AED5D2C0293.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4C898AED5D2C0293.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`144f17fd861d87058bcf54c1df94061f`
SHA1	`bbc756bcef5417ec55edcbec615fd4048e9280ed`
SHA256	`d72d2a2a48a956179032726654b55d986020ace783cdfb38efe0d0e6226e07fd`
CRC32	`D7433086`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bfcaf13b714416a9_system restore.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\System Restore.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`44492a2f5e31eeb6f658b67e2b4387d7`
SHA1	`22a0540331ed8a2052d008b5aa3e98b71e92c8a4`
SHA256	`bfcaf13b714416a9465d278d9d4cb12610abb2f6717114928d3efafae43d1710`
CRC32	`0477BCFC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	142114f2a0d89e86_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\backup.exe
Size	40.4KB
Processes	13120 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9363db911214d426172eec98ed65f0e5`
SHA1	`82f76413af9c98a8fd9b628def094ba1f68f1735`
SHA256	`142114f2a0d89e86e0286724d2cf979065327f8ec63c06cb426614cd54e25448`
CRC32	`4832176A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	97040e8f00f95cf9_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7a585f3335028001b99b64b0611b508b`
SHA1	`d846cca85b553674a4a2abecf6a5643adf9a739b`
SHA256	`97040e8f00f95cf9a5b38665c32ff194c1b3ce4d50030e1926761213d37fc24a`
CRC32	`F0A309AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	99902b4509081e89_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe
Size	40.4KB
Processes	4144 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7849be2767a402559f5aa979c708d0a8`
SHA1	`34104fc77bfeb3d2d16d1359147249812703aba5`
SHA256	`99902b4509081e89981feae62b7947e04b73c2b5afb460f05dbb15e826e04c6d`
CRC32	`81A7225A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9866d245aa46aab1_backup.exe
Filepath	C:\exsrjwtsit\modules\packages\backup.exe
Size	40.4KB
Processes	1448 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c55dc3d714b9ab71811f93856ce92f99`
SHA1	`319099ebdff6cc526ecb73615f4fb6317c59b10f`
SHA256	`9866d245aa46aab1b3007a985c643c365b5682c19d414e353cb82388877ebd2e`
CRC32	`8E6BA2AB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5aa0d04a7d6e84f1_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ac083ebd8913b42dba83dde91dc95ec2`
SHA1	`d3041523ef8df8d252762ce93611c796370ec89b`
SHA256	`5aa0d04a7d6e84f15458d5935f5acef0764e1cce968af0cbcd7ae5467be2bbbd`
CRC32	`BE2BFFB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	06e2ef63a298977c_~DFF3DCA8226FCA5529.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF3DCA8226FCA5529.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1f5c4dd35009823b7908adb4d58ac5cb`
SHA1	`5cc4817c0c24eddde6d5349979efbfe41e3320fb`
SHA256	`06e2ef63a298977c37cfdfb6cfe875ca52c6a7ef976d2c65e4e3a2f35a2dca10`
CRC32	`672DB962`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cc0c390bfafea93c_~DFBA9D0F4B62FCBADF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBA9D0F4B62FCBADF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1dfc403239f525def2d8890c1fb236b3`
SHA1	`49bbc48fa9f301457bac52dc923f0fb0c60547b8`
SHA256	`cc0c390bfafea93cc6bdca4b91ac4063f468d47e7344e8812d7805ca43bed5e8`
CRC32	`66F94374`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9a9bb4ad4026066c_~DFB40BEB4E1A23D62E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB40BEB4E1A23D62E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2f2fbbcd64ea3d37325e18ead5ac0cde`
SHA1	`7d539c972404946e1b67ed0f0851902d0025456d`
SHA256	`9a9bb4ad4026066cf79e93ac3e66e7825a44e4355269f264a87dd1a6661818c7`
CRC32	`28F7770F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9bf6e3da26f31eb0_~DFE7633D51994C9E77.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE7633D51994C9E77.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3421fd8bdbbbf155716f262d206f5b27`
SHA1	`806a1f90ec6b0e2abf25ec4246b4bb82637e6d88`
SHA256	`9bf6e3da26f31eb003ac0aa27870c0d70689e073e53208966ce5c6940a6419bb`
CRC32	`C0B49B3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c46d9a2603bc5459_~DF7CCC759514B6E499.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7CCC759514B6E499.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`75900f0b6069a8b85dd1e5f7f3528e31`
SHA1	`8fab7c169ee0425d7a7666fc7743bf5a56bc76c8`
SHA256	`c46d9a2603bc5459d5dd56c340116e1427fd3cfacd6af51373b92ba1b04953c1`
CRC32	`75B78E09`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a3544a58091db42_backup.exe
Filepath	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe
Size	40.4KB
Processes	4752 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2f11d07f6fdd6c1a837efafbb6a5c020`
SHA1	`6848408824958e635d5ea91a37c9b52f7800287d`
SHA256	`2a3544a58091db4237d8923a12716a54819d8063962b27f26aea12946d7cdab8`
CRC32	`708BD4B3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c812c415409116c_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c44356bbc6b204ee19fcc20440683f4a`
SHA1	`7191be88a2a3256cbab47ff4749d11adaa970ff2`
SHA256	`8c812c415409116c456f3f2f1ef606405c46d658e4966d8455357c5e2cccf48f`
CRC32	`434906CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f70445acadc8193_~DFC5F5BFD3E4D09775.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC5F5BFD3E4D09775.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15d266ee86e9ccdd08f3f147d1745fd1`
SHA1	`c1b3f4707419820c4b3e81432fb99d947f41f5bd`
SHA256	`8f70445acadc81935b2c19151684f01b22750b4725ee8602a9662fe0b78b5dcc`
CRC32	`DEE5162C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90a5c6667ff95d2a_~DFE5099E6E25CE7411.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE5099E6E25CE7411.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`08dea6829c2f93492bae7e19089aa3be`
SHA1	`ac458d7bd7106d61bcb178b2b667f139bd9faf09`
SHA256	`90a5c6667ff95d2a813c2b179fc29b406709f5b5697f88669fbbf439b29e8cec`
CRC32	`FD3EC609`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	88d1174445cf440b_~DFACE378212AFED280.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFACE378212AFED280.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3e17a1595cbf0de37475631d0026ebc7`
SHA1	`7a1818d49246b1413fed50c6b23fb7bb26278c85`
SHA256	`88d1174445cf440b9eb42c1788d92b60b27dd73b5191b1d6c35a574cc1e88ffe`
CRC32	`7BF3042E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ef6134bacf150328_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\zh-CN\js\backup.exe
Size	40.4KB
Processes	12700 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4d2e6cf9aaaf0b2abfa8abfc57a04205`
SHA1	`fae1bec3b25e13fc3ccc36cb60c3c23f6ad25d19`
SHA256	`ef6134bacf1503280575517ae79232642c70b17abf902f86adcae0325c588828`
CRC32	`60E16967`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	446c9b961e4838b2_~DF148D27BE86356526.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF148D27BE86356526.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`98959b7b1e18b8fb42bd94b7d637f9fd`
SHA1	`46db486e87a85972f8dfdbd5c624b147e5ac90da`
SHA256	`446c9b961e4838b26de023c8b20a374f6b30525fc90e5de0c1d2d905324a01c0`
CRC32	`B0C6B088`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e15cc38df24f819e_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Antarctica\backup.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`084bce49234d57a779fcab14b1aa009a`
SHA1	`cd3a5815e6cce785448b83639bfb1e51270d4489`
SHA256	`e15cc38df24f819e7e0c4da719309b17728821c7a97465f48dcdd4ebde8a68b3`
CRC32	`9497CEBE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1c75f6286531b909_~DF0AC0A5D65499BA13.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0AC0A5D65499BA13.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`af3b693366aa33ad9f0f1a12068f87ef`
SHA1	`45389927f5328e7f73bddf0bbc9551063c77d981`
SHA256	`1c75f6286531b90987893300ee899c62be669644cc1abf7ed97b0693cd9d268b`
CRC32	`2EBBB216`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ee7ffb145ab4b901_~DF2BE29AE7E82BA041.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2BE29AE7E82BA041.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`529a1a439ff7ca23d9379ed170f35bee`
SHA1	`1fdbe01d8ca79973d6edf355ef21f118355f65fc`
SHA256	`ee7ffb145ab4b901b82067c908371852031c484247ce2e4eea8fd93f273c5c27`
CRC32	`AA6E68B3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f96bb61a24d2447_~DFE53ECF9AAB36648D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE53ECF9AAB36648D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`08daa956d6254d86033ad2c943cc39cb`
SHA1	`f2db3588645277117022757ba843d92f2f986391`
SHA256	`8f96bb61a24d24471187abc6eeba021bde2040f16f37aa030203e8c88c023ce7`
CRC32	`8216C834`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d4839a79908a9cf3_~DF10BD9D343B5B517F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF10BD9D343B5B517F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`abb0de0aaff02bd189f172b3e917b93c`
SHA1	`460ce811e46d6a2228273f9db8c3dd268922effe`
SHA256	`d4839a79908a9cf3130501026b4ef9e25d36ea20dbc1593e8fc8c5617716cb51`
CRC32	`8F9A79E5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f8ec27878657e25_~DF082CB3F114F1CCE0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF082CB3F114F1CCE0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1fa05af5db4780a8cfdd1dddc8d1e1d8`
SHA1	`a6be8d7502c8d41c75f2d80156020b9298923e65`
SHA256	`2f8ec27878657e25b316bc67059987714f9da5b38d03adc0710049f34ef7c90b`
CRC32	`933C7640`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b56a39683ffd0de5_~DF56EFDC0E15B2B31C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF56EFDC0E15B2B31C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8b0f61007e64949cfafbba814cbe9bd8`
SHA1	`b3557d6e089b515a5b464931b30dbcc65f9a04a5`
SHA256	`b56a39683ffd0de58c0ece167915d76e451421a237458573715443bb69ff07f0`
CRC32	`EB3EB2D2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	60cbe6758830ee5f_~DF94ECA8D97F378149.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF94ECA8D97F378149.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3ad7a4ba62926a36dff1f87c5b42c1ff`
SHA1	`bca94909e985af4e24eefe4616492e6d2ff4242e`
SHA256	`60cbe6758830ee5fa4703e55bfb14d06aed7c20c6f39080839bbcdb4bc4a140c`
CRC32	`877E5BC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	723e0f9678877696_~DF92244AEAFB0C56E6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF92244AEAFB0C56E6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0067c6eb6759326aa15e720b667ab5a4`
SHA1	`bbcb81788f31e7a08e504dc556b12ab719999efa`
SHA256	`723e0f9678877696fab3ac4585e18c19a70e8abc2be04b32243c4a22a7d43875`
CRC32	`99260EBA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1dbdb9b05865ed78_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe
Size	40.4KB
Processes	3788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0248a566c52884a600c5ca26eabb3736`
SHA1	`e6913f3ad49f2543d03b30b9d867dc84a2c47e24`
SHA256	`1dbdb9b05865ed780512da0ef8d5ef3806b4d45b17c00b938bffa63dd4efca73`
CRC32	`E5C3881A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d84713dc5d72695e_backup.exe
Filepath	C:\Python27\Lib\idlelib\Icons\backup.exe
Size	40.4KB
Processes	6472 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`503d0f0dec5dd8d272d6fc89a509ade1`
SHA1	`fbd458d2f807be979e74d7ebad71e384c0348ee2`
SHA256	`d84713dc5d72695e33e16e395737b4a6a70f02f1d1687fc2202c106b107f3b12`
CRC32	`C57F9EAB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b0efa7be74d317c7_~DF3E5474956C0A8E63.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3E5474956C0A8E63.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`25df9c15c330a808ebeb39bb13025ee6`
SHA1	`e2695aa8cefe0b63016019355293a05999867a54`
SHA256	`b0efa7be74d317c783444ac4dd0f375c554d48eb976c19750ac6542fe25a990a`
CRC32	`A5E4D517`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c102cdbc789a5174_backup.exe
Filepath	C:\Python27\Lib\json\tests\backup.exe
Size	40.4KB
Processes	7672 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`641e2b763a84c491354e9716c315e609`
SHA1	`252f055e0080f85dfdc35f1dc98f37fe6e2d69b6`
SHA256	`c102cdbc789a51744d5bf6cfb5482ffb3737e37f77a963785b29b8f593082c6d`
CRC32	`293741DE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a33453e0a91b0883_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	11588 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f2850e289851b9cb6556984ea5e0bf9b`
SHA1	`c2443040a71073fa756d5b7a8ed58585b76dc38c`
SHA256	`a33453e0a91b08836bcba6e066fb938a449d59a8bd700d5f4ef0cf56e83a39d6`
CRC32	`AA33470E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	940602da332d9fdd_~DF03977CEEEA939B23.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF03977CEEEA939B23.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`16b7336ff1637418769de78cc27afc1a`
SHA1	`ffeaf0eb832a7f6a661bfa4689668adcc5443024`
SHA256	`940602da332d9fddc655a5d35d41b9c53e58db135e54d6de8715dcb57b3b7194`
CRC32	`5C4BB5A7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	86ff4dc6c74dd61d_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\SystemV\backup.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fe5c42d710a0ba21fead19e0b99f45b0`
SHA1	`7bf633ee0b32396b6c7cb649f0b3aa99b40d1c5d`
SHA256	`86ff4dc6c74dd61de01ed07e8704e01c354f4a83354a8bcccbb3336da48168f3`
CRC32	`1EF20752`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c37c454fc4ece2a5_~DF5A2F3CC9330D4508.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A2F3CC9330D4508.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`28831856b4748d09d501720bdf68b011`
SHA1	`cd165861d4c465ad35613816521ae70bbf9e6d80`
SHA256	`c37c454fc4ece2a5aeea441c419ecfd180adaefc13d35ddba4e4af45da714aee`
CRC32	`3D1E2D27`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d66bf8b0281793c9_backup.exe
Filepath	C:\Python27\Lib\sqlite3\test\backup.exe
Size	40.4KB
Processes	11984 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b665aaeefeeab5a59f89c0c4142df0f7`
SHA1	`40f5ccb521d6b31060aca2f65ef881964b6118c7`
SHA256	`d66bf8b0281793c9885d5e3327bb312e76ad6dff59a7406312999e577a48f05b`
CRC32	`28A6F2CA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cce941ea9a2f4209_backup.exe
Filepath	C:\Users\Administrator\Desktop\backup.exe
Size	40.4KB
Processes	7340 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`41ff65d9e99e8cb78adcab2e9ba637ee`
SHA1	`2e34742e94456397440470cecee39562c9484c37`
SHA256	`cce941ea9a2f42095947051876b8fc26352fb25c6dfa824ce851e55bc0d19a9e`
CRC32	`0666FB05`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8cbd20c471a31561_backup.exe
Filepath	C:\Python27\Lib\lib2to3\tests\data\fixers\myfixes\backup.exe
Size	40.4KB
Processes	7876 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e042947d4ea6c5a843799f57c51bd6c4`
SHA1	`7fe76f69fd9099209a6d515c2233855dda54c664`
SHA256	`8cbd20c471a3156182ebd6554bb0e92663bf44e6af9a8730c7892a359f4ed1d9`
CRC32	`F63AC02C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0eb3a2049ecd9124_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe
Size	40.4KB
Processes	9768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ed6ac7abfaf306a571fc065f8719196e`
SHA1	`08f91a9e3d44584f6a88d9cdce5641fe42f8e264`
SHA256	`0eb3a2049ecd9124b878b3d786a14f525d675d1816a5d770691411681b127c30`
CRC32	`D6AC1385`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0fe8196737cc88a3_~DF263428FC23B72958.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF263428FC23B72958.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a8e26864b7ebae234139d46822f435a`
SHA1	`f39b9b02e26a9af5e28de9392e132d75007a444a`
SHA256	`0fe8196737cc88a31769a9aa0b1ec3b25327d6d59f514e98996946f2a1acc407`
CRC32	`DBE16A85`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f984f0611a01bda9_~DFE764F2CDC27EC2AA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE764F2CDC27EC2AA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6320e053ff17c11e854b7ad045801e26`
SHA1	`397b7a2b11010bfebc0c5b52cbb3aff103d99317`
SHA256	`f984f0611a01bda95254cc8562f9c709c93a337451258e288044ea1a7c33351b`
CRC32	`F083C9ED`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0c7b70d8b72fdc47_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe
Size	40.4KB
Processes	6408 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4d0e15f59eb025c3c4335f1294cac40c`
SHA1	`74694ef3752a2cb18417602b3ed7a824767c3454`
SHA256	`0c7b70d8b72fdc4798bfb4dfcdaa64da911b5154a8b729b1a0d77eda4d45b42e`
CRC32	`A862E8AF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	596112e039211d4f_~DF87728F96A5CB0025.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF87728F96A5CB0025.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2a4b872094c22f11b911980fd1c994dc`
SHA1	`d0291fde15e0e8ab1e726385dcbb44cf5c10012b`
SHA256	`596112e039211d4f5321c628358d0d35b1ddf8827bce28c759f3dd15a704c7f3`
CRC32	`0B505CE7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ecdbd4f6eb95f4a5_backup.exe
Filepath	C:\Python27\Lib\site-packages\setuptools\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e1d61384a0f45d45bee9c8074758b40c`
SHA1	`d00c5ff3341adfa3121d0a3fe37ed118983a7d6f`
SHA256	`ecdbd4f6eb95f4a5abd43e0e073da3c0c44981eae0ec2d9dbb29bfec52b3afd0`
CRC32	`D0747159`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	88df6b1c0cdebe0f_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\backup.exe
Size	40.4KB
Processes	10196 (backup.exe) 8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e553caba67774e52be6953ade61f0dbd`
SHA1	`90de48ae0704dc975fd8915da024b643e0b50698`
SHA256	`88df6b1c0cdebe0fc0fdbd9d57d4315427efbc38362055c4b0cb6b675fb91a25`
CRC32	`ECA6114A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c1e2d0c994a4f04e_backup.exe
Filepath	C:\Python27\tcl\tix8.4.3\pref\backup.exe
Size	40.4KB
Processes	10828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`656501c28aac315e09b2267ad2b1ea1c`
SHA1	`ae86de43b280809243f04bbeb10c71dc88233511`
SHA256	`c1e2d0c994a4f04e880df133dd4cff04fe20bd82bb576bfc6e6f2f0b5c066d02`
CRC32	`BB66BE53`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	264a3b4a77964ea8_~DF3F55789370B99777.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3F55789370B99777.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`493fdc2455da5885c2b07c0ff41b6568`
SHA1	`86d395069a2b2bfa82e3d74c100cd13da763f8ee`
SHA256	`264a3b4a77964ea8d0202c0c12e3ab340ba0152c8f737c72ee96971262743689`
CRC32	`BDAA7352`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8d99551e662386e4_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ea7e171e25eb228cf1262efe2a679626`
SHA1	`395c3f9f136145b7cff69b538d940b1bd73f0410`
SHA256	`8d99551e662386e490f93d483c7cb5676a6627f47e20630aabc5884344e212d0`
CRC32	`830FBAA0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c751298a4c3f488c_~DFB8AC76239A0BCA78.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB8AC76239A0BCA78.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1bb4d8714b02f76a1b004efbccea55d1`
SHA1	`141a1c504e500ef1a229c372681444bddf395c25`
SHA256	`c751298a4c3f488c9e993a19e6bc2d5b01f4c5b8327da1e35100f74dd3946c08`
CRC32	`7DC1374F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5d347c6a559dbbea_~DFAE20CB60D8672B6F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAE20CB60D8672B6F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`38170707c34a41ba9476ede80ce16289`
SHA1	`37edf9f10b7d9103fa599681f24423d7b1e79f8f`
SHA256	`5d347c6a559dbbea42e34414bfa1cf5ec5b39bcca7905107e4665cfd39d6c06c`
CRC32	`28EED607`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	840a8af65c0d5f07_data.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\360TptMon\data.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe) 1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7916388f69db49419c4b80d25f50a0b0`
SHA1	`e2896a2818b06eade64eba639445816118feb806`
SHA256	`840a8af65c0d5f07d028ad3fd3607b35b0062d4a4a8d12c1ff1898b0372a469e`
CRC32	`EAED3E27`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	80f3127825428791_backup.exe
Filepath	C:\Python27\Lib\email\test\data\backup.exe
Size	40.4KB
Processes	7068 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`65f90de46fc2fdfc7dc24c1a15a91f7f`
SHA1	`8d4c01a17fc06f862a029e9777e7a46677f042db`
SHA256	`80f312782542879108a51a741de1663f96e85f3e8853e612568b371cdfcb893e`
CRC32	`64FE2C65`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	034b1c8f183f084f_~DF0CE03212D43CF0AF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0CE03212D43CF0AF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4811554e0b1f5ef2ab0e4767c0d0ed28`
SHA1	`9cdb9b1cc9a0c2285df37808fd324b67dba8b61f`
SHA256	`034b1c8f183f084fabdc38961a9251a00d9d035097a45b4b8e92ef670181429c`
CRC32	`25575848`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b1a781fa29fe610c_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\eZoZdSfFnYjTmGhB\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2b7a6ef41a8c6a4e1decff795e9f0015`
SHA1	`34362b95b378aac9958837008c39535cabc3defb`
SHA256	`b1a781fa29fe610cc03553c155943a102d3f55423c554b48a0199c48fee3183e`
CRC32	`ED80FA3E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5b4fa4cbf0e9aa70_backup.exe
Filepath	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe
Size	40.4KB
Processes	6268 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a55112f1033bbb65c5c2a052c15f812c`
SHA1	`9799ab0b27d831a63b56bbf4fb5aebe2ca11bd75`
SHA256	`5b4fa4cbf0e9aa70abb9e78156aa0e08c4ea46a13861c94e539569e6c4e3acf5`
CRC32	`C0351C5B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	04375c7804609804_~DF67D1F4E4E7DB4ACB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF67D1F4E4E7DB4ACB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`785de6c25269c3e07f73a75da8bd0538`
SHA1	`5b6e717b3718b5d8e16294dade49c3df2b178e5d`
SHA256	`04375c7804609804144ce73bc9359531b056567174f9a4090ac082fc86154a32`
CRC32	`5D11AB46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	370be61b559c1988_~DF6EFEF334EDAEBC09.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6EFEF334EDAEBC09.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`346ee3545b229170ae8e038c9873e897`
SHA1	`a4fe39367e003c8c9023c6e5b10857c26bbf9eae`
SHA256	`370be61b559c1988cbe2e1920695026d8ea5bce3d17871f50b3b695b0cfeb89f`
CRC32	`4DB2CEEF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6d1a305939244acc_~DF0259C5FC563173A2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0259C5FC563173A2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e367dc68130e8534aa10adc377eda579`
SHA1	`13fb0e4195038fc5d11fe1c34036677e545f9fee`
SHA256	`6d1a305939244acc882c49c2f54aec6d1150b29b96e318af203f7ec3d61caae2`
CRC32	`67DE07D0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9961594c1f9cc00a_~DF56750B8856A57B40.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF56750B8856A57B40.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32e65b24f1d27b9e856e18bd8255cbdb`
SHA1	`b67c0e9bea10eed30a6b20d83c0bc0cc8d3ca1a7`
SHA256	`9961594c1f9cc00a2e976ecc7d80690b612d13ad9733a5053ea4b52c88444929`
CRC32	`9157CAD1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	817eb845420469a8_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\html5lib\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`809ba4216c822e548d22978d264d0384`
SHA1	`d50f1f11ef5a246b1420774f10c1b44e859a45a7`
SHA256	`817eb845420469a8edcf6b8003e97b537dda1da6a676273de18c584691e07e56`
CRC32	`5207BF83`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b53c0bb244f4d801_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7d50578ec7c83b3022a540a32279b229`
SHA1	`6c7b3b1a8bd7bc9ea173ce63d8e7e65eb8ede874`
SHA256	`b53c0bb244f4d801774bcfbe5a24347888eb71d38051ae5bf2e389cd72cf76e9`
CRC32	`DA405775`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a8cd042492daa77_~DFD129128FA7D99F8A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD129128FA7D99F8A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e70a7094e3b7c6aac102695070953126`
SHA1	`418cb317dc266dd2917da323645bece783c33ba6`
SHA256	`0a8cd042492daa77203f2a782cedd9eca054a05efb49547deb50a6bb8583def6`
CRC32	`213AFAA1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	69d035deb6886490_~DFB0AE157D2801AC78.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB0AE157D2801AC78.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`26a59f7c5706e6a5100fa1a652d9ef11`
SHA1	`25df4b5c6cf5b5e33269c53b262f6c090f8905de`
SHA256	`69d035deb68864905ea000fd592809d0410ff3a100dde13c8920fec8d87f62a4`
CRC32	`8BDD2D5B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d8f2740007fbe39_~DF31E896C6FC3D20FE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF31E896C6FC3D20FE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ab2f2e1298dbbd1ccc9cb7cad841979d`
SHA1	`99dff0c0e2431b67a5ba7f022c8b8e938da38177`
SHA256	`3d8f2740007fbe393a221b9b20e75e6efff2467cd7426afb6303f8171b3ef3b6`
CRC32	`91B2B3AB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	58974d6596716310_~DF4F7682595519EF59.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4F7682595519EF59.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e390c5f71bb69dc48c38c4ccffb600d0`
SHA1	`ecdb8ac15cf4621080d1c6a803ca7648e6c9acd6`
SHA256	`58974d6596716310e20d9e9e8489860e2572447433f90fb76dca9130c2d65f32`
CRC32	`859B65FE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	64dfb2acadeb3315_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\backup.exe
Size	40.4KB
Processes	13120 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`39affa53ba65954a9164d8a175b0cad8`
SHA1	`e3c6241cbcc6825da548d13299f1babf552a63a8`
SHA256	`64dfb2acadeb33158004ff5619a6af9c2e065051ccc2087c0979ba1689034d8e`
CRC32	`3F3527FC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c28667d04879f59d_update.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\update.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`72e25a08d041fc67ee28bf4b019910be`
SHA1	`96d7b770b28e744740c2febde178f28f69e3884c`
SHA256	`c28667d04879f59d6c43b4a8ca785185ff39218400961b0b8ce7407ca665ad32`
CRC32	`171B24AA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e79a77ebaca1d425_backup.exe
Filepath	C:\Program Files\Common Files\System\Ole DB\backup.exe
Size	40.4KB
Processes	4536 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2ab8290bc3b6d70e2356027872896d25`
SHA1	`87e35e34e9ca262280dd350e36b0cfdcdfd0040d`
SHA256	`e79a77ebaca1d4254ee575bc23249cddf11f89574b849a4653494138cb8bda8b`
CRC32	`575E7F44`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	14c9e6af991203f8_backup.exe
Filepath	C:\Users\Public\Recorded TV\Sample Media\backup.exe
Size	40.4KB
Processes	10540 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`013904e103470e35139d9d31332c5caf`
SHA1	`d8c282b140351f2bb3b0652fa56ee642bbd863b3`
SHA256	`14c9e6af991203f8b7b0ecf976ebe00752cb7f46c2e41270b27152a41655a090`
CRC32	`9FCE24A7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd73aef12962278d_~DF188BA5F49978F147.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF188BA5F49978F147.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4efb7cf91a152d6ab62b8802b9f4228e`
SHA1	`48cd5fe04272a636137047d0d9c6ffaadb5738a5`
SHA256	`dd73aef12962278dd2c8d66269c55e38b455e3f7a4f4535f884c66aa6440dbc5`
CRC32	`E138E6D8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fd6733b2f38e3fca_~DF04C9FB54607A2AEE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF04C9FB54607A2AEE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1abe8e122436db1e3173f52df3e0a7d3`
SHA1	`2bfe2b21593a348c133c583eb40cebf72a1f2c90`
SHA256	`fd6733b2f38e3fcaab01cfabf07e202f6d307926a5284aff959f60057bcb128f`
CRC32	`73F0E6A3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5311e742df6a77a6_~DFC799B1319A40E9BA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC799B1319A40E9BA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b0cce8ee7ec1d6f3c00ca52245db5610`
SHA1	`972e9dd0bf9a4d952cffd48d2f7c66ffd5cf83e2`
SHA256	`5311e742df6a77a6776af99f01ccb4b421a91a6159fb92716a3943e314c1c6ac`
CRC32	`E9C97649`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	07c0ee696408cd98_~DFB2BA09AC62357B40.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB2BA09AC62357B40.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2b36828bed473b90e871c261426c5fd6`
SHA1	`698a1723df9351b286290139431604feb20d9904`
SHA256	`07c0ee696408cd983c600d6650ff3274d0abbb1eedd7689a03e71bfc89727e2d`
CRC32	`912AA98A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	801d5d227871bfc6_~DFC86C3B15AC75D544.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC86C3B15AC75D544.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7ff7261415a428dcd80170c66dfa6d65`
SHA1	`a8e666e95fdef4fc24fc32ca01f2c966501c5e40`
SHA256	`801d5d227871bfc68f0c7e5635db11c3edc390fa54b1ef8c132bdc6bb00faf99`
CRC32	`5DEE210F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	935a11f0ec288f83_~DF13044DE26DA4D8A2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF13044DE26DA4D8A2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da5b6f3db1a89bdc6f5bc6734190626d`
SHA1	`f49fa5a8e442d727ae5ba4fca9a0aa3e9a70d937`
SHA256	`935a11f0ec288f8346bb97d45c7216c2d293a59fd8148382659676070ae7275d`
CRC32	`AFB20721`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f69b5d7ed3648e1_~DFB69546C5485CB6BA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB69546C5485CB6BA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4456261fda23d08b00029f4fa0e27a1f`
SHA1	`e48aeac01d6d42ccb32bd5a15b11ebacd2eb41c3`
SHA256	`7f69b5d7ed3648e1915c62139c6f55866296f2a6e61570c787b3b9b249aacd07`
CRC32	`3CAB5867`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	de774c57428242b7_backup.exe
Filepath	C:\Python27\Lib\hotshot\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f1c9b644979d44ca7540ef05115b888b`
SHA1	`c7e0e2da0f97802af8e212b0a5e841e21eccfbf8`
SHA256	`de774c57428242b70fc79b9fb3ad74ffa57fc35333713c6ba9b1524721400a93`
CRC32	`0DCA5541`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	88ddd1b60badd9f6_~DFFF24D53B017F07EC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFF24D53B017F07EC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f9f6c4b3586d61483e57d9bc6c17125e`
SHA1	`d69829515c214c6c718ae47d613a8e615657251b`
SHA256	`88ddd1b60badd9f6e028d10c84eec912a346457baf43e96c77b5c5765f454c06`
CRC32	`6EDD99FC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5437d39c60196bc0_~DFBA3FA9655FD680DD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBA3FA9655FD680DD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2786f9f7b9cdf1a97501320f48876ccd`
SHA1	`c8ef68137c5aa0b3104a1ce8a8da592d60e6c941`
SHA256	`5437d39c60196bc0178982e40b1558fea9893287bce418e63383a9e5bdacee1f`
CRC32	`E6962469`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	749f45e4af03c920_~DFE54F3AE65B6E1E75.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE54F3AE65B6E1E75.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`169f1aaaefbca5e9841a781403746eba`
SHA1	`aa18a8e9f00c0034bb03184ab2d801894c102bfe`
SHA256	`749f45e4af03c9201a1c97671d16b43782e9e27a328aee31f625c231e758c1d5`
CRC32	`5D1BAFB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d9bb8542b6443aa5_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\America\North_Dakota\backup.exe
Size	40.4KB
Processes	8868 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e6f056125374ad45dfc17472a3544732`
SHA1	`d377fa444b64b2263c390ac440c68868587479ba`
SHA256	`d9bb8542b6443aa5ba2c969b5d69d068017f23886072fc8073efc724da2171b5`
CRC32	`D315E70F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	58cc9133b1603689_~DF47123A269D50C222.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF47123A269D50C222.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5bab553cb079775dc9dcde582a0478ac`
SHA1	`e5b44ba6273ec228ba95d34466e2bac8bb996e5c`
SHA256	`58cc9133b16036899baae0ff5c6dd4782cfd964f1910270977b00f99b9db784b`
CRC32	`7FB4D2AE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29298c519e37728e_backup.exe
Filepath	C:\gcoxh\modules\packages\backup.exe
Size	40.4KB
Processes	736 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`92ff798b0863c1bca4f8b84b0c9cd74b`
SHA1	`fd2b69f44dcac6db2610553b889f3608d4c3d5ba`
SHA256	`29298c519e37728ede3534773492d7b3872076e44ca377611bfea055c4703abc`
CRC32	`0D4A320F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20737cbcf1dd9387_~DF086A881CE296BAD5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF086A881CE296BAD5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`39044f57741d9d18753132e4667c76f0`
SHA1	`b3b409a28417f89564df86918fdc2a98be9898cf`
SHA256	`20737cbcf1dd93879e2c3cda94b9f6d9e52a0c7ff651ae0f89bcab82d3568b69`
CRC32	`DDD3E62E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd39a05365b68db0_~DF020BBB6D1E66EF42.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF020BBB6D1E66EF42.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8f8852ba152f97386fd0f639fda089a2`
SHA1	`9ef00225859e75f5cab223c62d4ce21f701da9f2`
SHA256	`dd39a05365b68db0cbe7209ea9b2e62f8e5d97818f1d54da0bc75a376f0737f7`
CRC32	`D83EFFD5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccd58e2ee47cde01_~DF57121E847BEA14DF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF57121E847BEA14DF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4486a436de65d31b066cfba257e40815`
SHA1	`844600eece5f827f692f967e38dda46a78e67bba`
SHA256	`ccd58e2ee47cde01556ee35f56a13454eb87b96595465c7b81cc40dd7cae0baa`
CRC32	`E731C575`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	723e0f9678877696_~DF70B4742FBFDD7CEF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF70B4742FBFDD7CEF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0067c6eb6759326aa15e720b667ab5a4`
SHA1	`bbcb81788f31e7a08e504dc556b12ab719999efa`
SHA256	`723e0f9678877696fab3ac4585e18c19a70e8abc2be04b32243c4a22a7d43875`
CRC32	`99260EBA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cf3871006d1ca466_~DF3A775B9CF25C6F38.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3A775B9CF25C6F38.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5d5d2e7a3577449de56db6488438038e`
SHA1	`3720b677a1528a7c9681e24cf24251976c7309c6`
SHA256	`cf3871006d1ca466c024a9ec02f047dda616a39e9e3c7881663e86c4cc487a6a`
CRC32	`3EA0569F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	87ab77dc0f2cacdf_~DF98F739CA4A4F3DFA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF98F739CA4A4F3DFA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3d60146eff90bf95e9d7edd24255d120`
SHA1	`db68c4d5bb06a9bec54adce5ea6fe3cd605d4478`
SHA256	`87ab77dc0f2cacdfaa250444ae01c277c0cb905a2ddeb1660e9a85e75e71112b`
CRC32	`AD7CAD31`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f36e1b0014b3b436_~DFFC8B3D02DCAB637A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFC8B3D02DCAB637A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`19e39a5dae1b96b21d7fd7477f1eedc6`
SHA1	`922951ac2e540c8769037a6418cd04215dfe8639`
SHA256	`f36e1b0014b3b436ed8e0c85fd4e3bd96b70bdee38fc877fd9296244963cfd2d`
CRC32	`11C2AA49`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9262e472e1fdcdb3_~DFAEB549E4628BAD00.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAEB549E4628BAD00.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e217f5a5b203149b5b79d3a1a0fd61bc`
SHA1	`400ed4a171446f7f202b6dbddb468b257c225a5d`
SHA256	`9262e472e1fdcdb3e01560bfc002248d622609c1cc6248ad6be020d356993f9b`
CRC32	`F76C2D8F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5bb6cf4e6150d509_~DF6FE100D57A33FAB5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6FE100D57A33FAB5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fdf21e7d85f6690705d8b6df1e8dfa0b`
SHA1	`db6fe9587a2a96e90ac255b5ebad6f936e42468a`
SHA256	`5bb6cf4e6150d509c3c68eb1eabfd1ad0b86d47042addb2ad67b77ef65b1e2ef`
CRC32	`72A2824C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ac1177230c2090a2_backup.exe
Filepath	C:\Python27\Lib\lib-tk\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3562ccaede26b4206aa8186a28ca676a`
SHA1	`bd1068c810a7677a0d10bc21d2e1525d53520156`
SHA256	`ac1177230c2090a2ef9e0e2a70b1e7a4b33ff504a61c37cb0b5ede49eaff5f97`
CRC32	`7DA0A1CE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1410c3b28f69715e_~DFDF1A6CC70DF43DC0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDF1A6CC70DF43DC0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3de308b0d49a3926758de692ecdd3a91`
SHA1	`c3d5ca12500674316f620d2266c3408359e88e4e`
SHA256	`1410c3b28f69715edf58278660cf60442724e989a0468c0fa68d128d69c71ecd`
CRC32	`8956898C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0796c3d7ecbcae01_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\backup.exe
Size	40.4KB
Processes	4972 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3bfedf099a3df097018af4c9b5577510`
SHA1	`cd0a06e9ecdc7431dbb54dfddc5cc6ad29c89372`
SHA256	`0796c3d7ecbcae018e187c6e3ce48197c7d1aaf67b7ce6cdfed2b034dd1e5d8d`
CRC32	`F34BDD33`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cb2b8ce3d6da3ae9_~DFCB659CD6D63AEDF7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCB659CD6D63AEDF7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`438dd1424f2305497b96bb3b0c4e1ff5`
SHA1	`9cfb67abd9cf44366791547d85e6550ffe555032`
SHA256	`cb2b8ce3d6da3ae9bb74d97e2617f44c177b651e617dba3d5e719ad9d9aa4d8f`
CRC32	`9B288A6B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0323e71a2a3a8cbe_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\uninstall\backup.exe
Size	40.4KB
Processes	8040 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9bd5e9864a6961522f0b3d38af30b39d`
SHA1	`6aca942dde5c52e4b9b065568a746456a36a8c22`
SHA256	`0323e71a2a3a8cbe7850b47813c83f68ea1432e92cb157b343e4e6d3073a70df`
CRC32	`56F1F14F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8dfa56696bc8ac1e_~DFE92B1819A165054A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE92B1819A165054A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a645c8f1cd0516495047b1747fa538a4`
SHA1	`d955d5024878c52ccb9b617390bc390749a149a7`
SHA256	`8dfa56696bc8ac1eed7ed31d0261be0ac2eb00527117a347fe5a6fc8c6f6585d`
CRC32	`9C78C28B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8dc2f29588380599_~DFDF14710C58FAAF0D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDF14710C58FAAF0D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`faa5293df580215d6cef7fba811330a7`
SHA1	`ad21d29c62a7d44138b5ad03e6f6935c07bac57f`
SHA256	`8dc2f29588380599d6422b08c0a8296029d798b23695fda1a122821363097615`
CRC32	`36E11D81`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12cb8656132b93a7_~DFE4BD9CFDCE2186E3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE4BD9CFDCE2186E3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5d0a9a52be1b1e3fee9bcd6f246e6b24`
SHA1	`90e5ea8c9c7b746078b0a0a8bbd0348e35598466`
SHA256	`12cb8656132b93a740a33dffd0397a43cf98eda659d53e9a5da5039aea6d4d22`
CRC32	`4993E134`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9e08449fdcdc64f6_~DF8AEF3E281643C427.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8AEF3E281643C427.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`43d2b3313079d822f8861ba0cb1fc185`
SHA1	`507f491c83339afefc13a115f7a464c1a495d4dc`
SHA256	`9e08449fdcdc64f605f47650c51a38deb777766bf449abbe697619fd438c4150`
CRC32	`44EF9827`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	27a45714e9b53930_~DF487ED8531436B0BE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF487ED8531436B0BE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9d43609d12bb9aff56f0063c991c3cef`
SHA1	`3760b7b8c64f7ea8f5d39e847793ed7b9160dc86`
SHA256	`27a45714e9b539306afc16a0b7b2ed50088642a74feac7c7fe4488ac1c159194`
CRC32	`6A753A3D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ca1ae94572002c60_~DF2724E53258748614.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2724E53258748614.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4e5f1ecdd1a1dfe1f82d8c5525440969`
SHA1	`fe5917a24cb70b79ddbe52862ec3d932749f912a`
SHA256	`ca1ae94572002c605da964726f21116daac5d7c740286831549339b0bf8f561e`
CRC32	`200AE2EE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	292f180b2a1f00e3_~DF9675128767D89ED7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9675128767D89ED7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b6af0bb13855b5da006f50135bb2de78`
SHA1	`e87c5cd66e27f9ec99a39f6d20627274f9833da2`
SHA256	`292f180b2a1f00e3bb44f9316400fcaa8cad9193d9f9f1a87a16ba62dc8b0c17`
CRC32	`D09E8F3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b35d17c16c3f0a8a_~DF82E0C074D1E68DF9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF82E0C074D1E68DF9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`43bcfced998e347e1bb8ce48e43d2773`
SHA1	`71277f430578c6426c070991793cc9af6f1ba640`
SHA256	`b35d17c16c3f0a8ad5e270577e80f5578d7d3473b6335d4a8d0c2203c23bcffd`
CRC32	`21CD1FF5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	833f4f9064639125_backup.exe
Filepath	C:\Users\Public\Videos\backup.exe
Size	40.4KB
Processes	9924 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`22003c7356871be06076209d5fca79b9`
SHA1	`9c495640221b6b6648cfa955346677faff493189`
SHA256	`833f4f90646391259e34ae837259f436d86e7f6cf465ea5f330cfb49e2254247`
CRC32	`63638CBD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ad93036b8b764faa_~DFF3BD5B0F8F643574.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF3BD5B0F8F643574.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a10bd3b9eb93ec980ae713078c0d30d1`
SHA1	`3d7387154dfcda0393c0115c0a0fe6527d7fb545`
SHA256	`ad93036b8b764faa2fd33ab26d773e006570d9bbcdd4091ca7f10eed2cfa0d96`
CRC32	`314F05F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	13db96c439402b2a_~DFA09A749799818979.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA09A749799818979.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a13d9adc5eddad88c48469c8bee50a83`
SHA1	`d5e55ed9e54e274974cc79beaa724f22d5603c57`
SHA256	`13db96c439402b2a583101292a912ae467861ba2b6c752c29b42ecaae2fd758d`
CRC32	`BA804728`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bab0f49856cb0d82_~DF475D13491EFC85AF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF475D13491EFC85AF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c5876a2a12220465090bb2eec90e9d66`
SHA1	`8beeefbdf1321d4c852e9622b2101cb57726cc15`
SHA256	`bab0f49856cb0d82cfce9e4eb2adafd9174758a454d66bf53955b11956255dc0`
CRC32	`C0BB3D88`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2342ad82ad44259_~DF19EFC1181208EA87.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF19EFC1181208EA87.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`492ef5e01a37fc1bc1205b5522c6e9ed`
SHA1	`24ef5ae1964ee38c412100ce5f21519092dbd56f`
SHA256	`a2342ad82ad44259528f3df3284c3ae8be52dafec35981668fe37d6589dc3810`
CRC32	`00E5738D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	950e4ec028317b89_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\encoding\backup.exe
Size	40.4KB
Processes	9116 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9013da38fb5d848901d70664d50475db`
SHA1	`6053dd30ad27d708fe82f1265c45183ac2d2bcae`
SHA256	`950e4ec028317b89f25917c77d117ab04e90381557c4d9a36c6006cc34ac6b1f`
CRC32	`CE10857A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	083a278ef15573c9_~DF6F65D1807F8CFBD2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6F65D1807F8CFBD2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ead61138fbe5f8705378465b82a8096d`
SHA1	`8ce84867b9360ed948efdea8e2d5208443cc20e1`
SHA256	`083a278ef15573c980c43f33e939174d2b96f3c151c799aa1acc7790720d23a7`
CRC32	`BF0556AE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	785d096887937d22_~DFCEF976A1968CFF77.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCEF976A1968CFF77.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bae42ac61b75505d2fd185fe0edbaa29`
SHA1	`80f4fe9024479105b2266d1b9bc340435f75d8a2`
SHA256	`785d096887937d2231d6c1bdcd9cbc2c9bee08535a32dd7da1abc28d638c19ec`
CRC32	`FE09B346`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	48dad8b63112bf5b_~DFA543DC09BF37FF66.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA543DC09BF37FF66.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c26fe5312aa82a17820810b558e42e2b`
SHA1	`992000aba32180910dd5e78a0abf8dd8b0b4a957`
SHA256	`48dad8b63112bf5ba9474cf0cc7c81017f54487c1eb668f7d75edc42430737f7`
CRC32	`791EE9CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	13b9fa0a4d931ecc_backup.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\backup.exe
Size	40.4KB
Processes	6796 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2edccbc3306be394f7ec4bf971155580`
SHA1	`a41f8ad078e1d0755dcf74306564a7d9d10db59c`
SHA256	`13b9fa0a4d931ecc1fc35414240fe538dee944974b59488183cb913b834df5bd`
CRC32	`3FC4ADDC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4ec6a02bda979c5b_~DF8167579E66ECA0E5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8167579E66ECA0E5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ebcca081791e2810904ca87b0c9b0db`
SHA1	`de003ffd2e0181365a9f1bffda66d1750a26f319`
SHA256	`4ec6a02bda979c5bbeb2597891c872185230ce2bafa3cb4f104e53a2c7ebfb35`
CRC32	`91AC25D8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	973f2fe33d1e90d9_~DFEA70E489B4BB759C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEA70E489B4BB759C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6eafab105d85800550f9c06153aab788`
SHA1	`2dc6b9e048e5e2d5179311d838860d0166ce4c84`
SHA256	`973f2fe33d1e90d93fa3082af80e4948449b36d3747fd6a38cc64cbe9e70f1b3`
CRC32	`ACEB504C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e69f2da9751752ed_update.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\update.exe
Size	40.4KB
Processes	2476 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`445226eeae25f4977e01cac1772f8b99`
SHA1	`b909cb5fdd2b6d735ed9ef375ae70c6f372d5fff`
SHA256	`e69f2da9751752eda46109f2f002f782518f27277eb88b256b0277826ff68145`
CRC32	`0C978035`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	91320b60888fed46_backup.exe
Filepath	C:\Program Files\Windows Media Player\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`49d326f10c1bc8d9ce769a9d31513519`
SHA1	`3670f95ab4bd92703f20c2d7e4b3f15d7cd15447`
SHA256	`91320b60888fed4618eb862fab77a06ce5cb0524b3d6d2c91b3181e5042c8816`
CRC32	`B0DDEFB2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3f3ee85509fa1d1e_~DF68B1136F580E4A94.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF68B1136F580E4A94.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ee3716c7dd77c4e5a4fb0fa2ae451df7`
SHA1	`7e0495de7b13050d9eac0c6d9d11d254dc6a92d6`
SHA256	`3f3ee85509fa1d1e8de88c805f51c2e64dc4cbe7243c6fb9f3b42c282a3e9026`
CRC32	`BFE597F7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b12eb1ab48b6a14_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{77B92CD7-F092-4bca-9799-57C38D821E28}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8bc1c3d93296eb523f8fadd8a4b6a518`
SHA1	`330ce26e261819045ac54bf84820a338e4dd2818`
SHA256	`1b12eb1ab48b6a1452ec5fb5c6f102ab4cf0a3961f9b48d9b5bba9b3c3a0aa92`
CRC32	`F75A2E43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d18b167b9c9e90b_~DFB542708751C97A96.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB542708751C97A96.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ccf9a617be8da9a4c2f99abe9e6007c1`
SHA1	`68089f4010654a504de3bed8702e673492ef318b`
SHA256	`4d18b167b9c9e90b01ea93a99b26376a7b6ceebebd1e496cf959c609ffc7f436`
CRC32	`66436994`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5f5574e07983e0f4_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f902b7b8c928d0519e28d98ca607eb2`
SHA1	`178e3989eed442b287cd8c8164bbe62175ab2bca`
SHA256	`5f5574e07983e0f4f2226ce130db9ffb00d8a6fa2777b2e6c946d269384fd16a`
CRC32	`73708C6A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	935a11f0ec288f83_~DF8910D0CF34FD66DC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8910D0CF34FD66DC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da5b6f3db1a89bdc6f5bc6734190626d`
SHA1	`f49fa5a8e442d727ae5ba4fca9a0aa3e9a70d937`
SHA256	`935a11f0ec288f8346bb97d45c7216c2d293a59fd8148382659676070ae7275d`
CRC32	`AFB20721`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3585b20e94633b74_~DF6F2CA222D49E1CF7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6F2CA222D49E1CF7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ce2c7bae710b1440b3064372e9b31df6`
SHA1	`9879542ea6c5889b1bb082c5e4046882230fe20f`
SHA256	`3585b20e94633b74819e27e395b6bab99288b843ae34ab7c7bae95c357ca2588`
CRC32	`12DD78AE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8eeae1eb488cd647_~DF501DF88D8665CB36.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF501DF88D8665CB36.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7b300bbd80c5d3ead6190b59a7c33308`
SHA1	`1b19be5df256a70c992f554db0054f1acbe397ed`
SHA256	`8eeae1eb488cd6470889b5fd866265bb218235364fa10f2c324919aac6b82569`
CRC32	`E63DC4F8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	865b1b3148674a14_~DFD89D7D556EA065BE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD89D7D556EA065BE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`106bffa1310651ff4ecde9e06021eaf4`
SHA1	`4f357968e0c8ca40f243858e649d05fc4b1b492f`
SHA256	`865b1b3148674a14c49a7dad4ec0f26c396cfc1b5abb539c874dd1e4291e057e`
CRC32	`261982CA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8ab382fe70e5a7fe_~DF8FD0316313E6CD34.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8FD0316313E6CD34.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`999805bd2684173041e4e5ad10987771`
SHA1	`c13df6009eef698ec328ef32da02d0912a83b445`
SHA256	`8ab382fe70e5a7fe79eb17bd0bc0f6289e0e8773f3192258748fceb45c2e15fd`
CRC32	`F9B43895`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62f6f3d3df7b4df1_~DFAA2E6FA63AC1582E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAA2E6FA63AC1582E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0cb5f01a0a95b417241d9743782e2515`
SHA1	`bc24f93ba8e13d7d802dd7d9fba7c0447b40b659`
SHA256	`62f6f3d3df7b4df1b0789e8e377555c715368d6ad43a07f4ce87abc22bad4a02`
CRC32	`2EF9762D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d412e9250e50777c_~DFFDDD42670ADB2FFC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFDDD42670ADB2FFC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3e93c11704bf1a20c9ecc6306ddaac72`
SHA1	`58baf1bd69e2eaae44f55a782b923c56162c9cba`
SHA256	`d412e9250e50777c9435c057286d505d23bebbcb047eccd19d7ece170a0be5ee`
CRC32	`4C71EA96`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39faaae4327b5cef_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5469125f9420f87a98c25bc56b5211fe`
SHA1	`244023304d5e3229814bae9dd35bcdb3d090a5b0`
SHA256	`39faaae4327b5cef12e17dae09fb6d9f77d7ab444892677a6ca44a3829e9e10c`
CRC32	`344E3659`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c7a218a078fa983_~DF71C68E7ACE22C08C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF71C68E7ACE22C08C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2a2c5b776037479c03fd5dbaad0286ce`
SHA1	`167f64c4f83b8720a49ecd9f3204a2ea3c8bee42`
SHA256	`5c7a218a078fa9837291d93263cf2a9adc98e596ac203c0208dfa363d5d0b3a9`
CRC32	`74210BD7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	56c284a739826566_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe
Size	40.4KB
Processes	3976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2ffe7b98d78df8a519224e4cc23cdb2d`
SHA1	`973f5e8c2517bfab51066e9ca4960cec2d10a258`
SHA256	`56c284a739826566c46019effd2e19a3a402c6a09fd53bde9a784dda766f5488`
CRC32	`87644700`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	773a622c03677f2a_~DF0191917650EBAB8D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0191917650EBAB8D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`774f13b85d9ee0eb7fda3a7ae2802437`
SHA1	`58b1fcc4398a71df7cd7ea5a18220d27f281ef58`
SHA256	`773a622c03677f2a0d9aecafa04bfc75f6215773d9fc06a60af181c055a91328`
CRC32	`D28BC151`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	207420e4190ae559_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\config\backup.exe
Size	40.4KB
Processes	3772 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f447aa6430ec1668d8b4b500573e949`
SHA1	`bf1b305fc3df29e61a8acdee46c1e67de2e84b58`
SHA256	`207420e4190ae5599b29e108e5af77a18adfc43523f7e4961bd689ced0a95b71`
CRC32	`1F9802EF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	03d4a7ef0a37b639_~DF9FD1717A27698B11.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9FD1717A27698B11.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`800c36a1eb8c30f0e7679926325f844b`
SHA1	`6e8f3e245d2fe46f10b5494060a44bdbf68bc5c0`
SHA256	`03d4a7ef0a37b639fb5ec2e1c29355a4d04c5b1cb4b4c2d90a2c60857c96585a`
CRC32	`10B3EB8B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c69fabefcb3c0fd1_system restore.exe
Filepath	C:\Program Files (x86)\360\360TptMon\deepscan\System Restore.exe
Size	40.4KB
Processes	4972 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c357f97ac38afd7a6d2cdca65b2b769f`
SHA1	`93b6fcad79ec529d2dd80c143223fb920ebaad93`
SHA256	`c69fabefcb3c0fd1d637c3e28579f42ad035df0ce16769a25f41eef173be484c`
CRC32	`1D45BC1F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c6ffc3dbe12df2ce_~DF95D36D8F8430CFF7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF95D36D8F8430CFF7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3a7ee2def07eb5e885a9b5b1f5d21065`
SHA1	`d62d0fc571509945788ebb37839ec12e7af32cb5`
SHA256	`c6ffc3dbe12df2ce82bf956b157e52190ff3f88f69a7273e9654741f32ef3ad8`
CRC32	`3D4898CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a651fed8578c8d0d_data.exe
Filepath	C:\Program Files\Windows NT\Accessories\data.exe
Size	40.4KB
Processes	7456 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6bd79dc90e2599becf66a5d8fa127ca3`
SHA1	`937c68bc179a2091e32c77131e9b7f0c4394fe96`
SHA256	`a651fed8578c8d0dc1f7c905e94268de93c020c5b0263d75607c41e61619e188`
CRC32	`A6399703`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8f88ebea1866f8c0_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\hLfOcYtTfIjZuKaE\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`38c3458f8447987ad8e77f5a0dfb7990`
SHA1	`21c98b3fe124d9bef9c17fe10e4e4ea2ad029d6b`
SHA256	`8f88ebea1866f8c0ccd3085d7f8a5cfc95cc53c9f11c01615628757ea6f38f35`
CRC32	`9A87CAA8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d0d53b6dbc38fd81_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\newui\themes\backup.exe
Size	40.4KB
Processes	5360 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e7773ececc05d49c0dbec8abf4439585`
SHA1	`5e307dd0015931f2a2fc5d825d6f97353cae5735`
SHA256	`d0d53b6dbc38fd81c36913fcdc39ecf374e552034340a3ca3db8502a48ee39fd`
CRC32	`9CCCC57F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32f6710e6dfc88ae_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe
Size	40.4KB
Processes	900 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cd5229c712a053f6cf74994a8b0b2449`
SHA1	`da5f6007bd61f6416bcbb53ffda7e5b707389939`
SHA256	`32f6710e6dfc88ae9a29e88d20e16f43a889d5abde2d710c6ca829c3e513a925`
CRC32	`470256FB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0f1e01e496f3a766_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\cachecontrol\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a3b934cce5048ceb4c613066484b25ab`
SHA1	`911c21d9b2a588c0273a86ad0b01d661d8cb8708`
SHA256	`0f1e01e496f3a7666b5a33abb8831ba4ac39e5c31b8ade7c92a5107df0bfad44`
CRC32	`3101D35A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c61c96d13e868b47_~DFDBAA5F1971BFFB73.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDBAA5F1971BFFB73.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`074b041324e148488a80a86310d12bc6`
SHA1	`27bef00a5f2dcb2b8d94a8ebac5a3636b840b6f8`
SHA256	`c61c96d13e868b47ba333d195af15a15e84a6f954449c17118be3b338b94059f`
CRC32	`B2832CBB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a1205a46cd7259c_~DFB379F344857E5D93.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB379F344857E5D93.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`58801cd0058334f34ac00b5292483a82`
SHA1	`0525ea6474dbbf26bd399f0c31d9c4ed41ab445a`
SHA256	`3a1205a46cd7259cdab509c96fc5c8a54d79147ea93ff0396135cc4c4b90383a`
CRC32	`4C29111C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d357aab2f469f8da_~DF0A23D8D8CFB4388C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0A23D8D8CFB4388C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f2537ef8ad777b61d7ce215e8a4cd06c`
SHA1	`6572698e83dbb5a35bb4fe64558998f9271376eb`
SHA256	`d357aab2f469f8da25e4741ea6481ed6647f39f684b630aa4a05496c5dff63a6`
CRC32	`12C33C6C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20a3e7367d01f990_backup.exe
Filepath	C:\Python27\tcl\tix8.4.3\demos\backup.exe
Size	40.4KB
Processes	10828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ad29854b7cacb68a6deb7d2cec405f5a`
SHA1	`81a464d5914c64937de8f4f9eb660a4bb90a7272`
SHA256	`20a3e7367d01f990f3cb87f9f4c2a75005bffaec732830d914be2ef570930386`
CRC32	`226FEFE9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37fa2cd4fe4e72ee_~DF53C2E3CE969738E7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF53C2E3CE969738E7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`918b295d5476d44b2ac4f857bd9d8ae0`
SHA1	`c3db138b023cedcb053fe7bb5363bf210f96a114`
SHA256	`37fa2cd4fe4e72ee0ae3becc229f03b5cb12a516490bb182e3942e85e3406d21`
CRC32	`2084443D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	552ff28c96f8f3cb_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`42f6d53c491f35b04fac21975ccbe859`
SHA1	`5ac0eba9f14e1098682f5ad9c6f35a6a059125a9`
SHA256	`552ff28c96f8f3cbe192ec5a9a8f3fcd7d1b70b2f5b6838141259aa6156187b3`
CRC32	`84627EB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2d2ae2597a86739b_~DFBB300F862640BF35.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBB300F862640BF35.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`01e58f8ecca5ae9d932c2f74d8f6022e`
SHA1	`7bbc9ce0033c80e7aa541c38bb9a5c14a4ec3c2a`
SHA256	`2d2ae2597a86739b26d54a41c794ed36893b00738deff2bfb5210496661353a5`
CRC32	`6B969B91`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b8acc6e666fc1ed9_backup.exe
Filepath	C:\Python27\Lib\test\tracedmodules\backup.exe
Size	40.4KB
Processes	11520 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6ed241b3cad3f1925e7a9f336c65589f`
SHA1	`7df3b72dbe328d60918f1e52317b88e3c17a5b8a`
SHA256	`b8acc6e666fc1ed96bc505cffb8ae121534766a1023973b688f8a83a560cf19a`
CRC32	`590E6C72`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	581fa6550aa0dbca_~DFE0BF32E73765D442.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE0BF32E73765D442.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2ab34ba3c4b85cd76eff0e4e47f5a531`
SHA1	`0e2ad1f7f0dddefd638d1cef76b72d08301a26dc`
SHA256	`581fa6550aa0dbcaeba5d4f32e9975c4b0b60931b6392e4b72547d3836736bf1`
CRC32	`6C34BFB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5bf871eab850192_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5BB31489-4B0C-41ad-8C12-389A6D59634E}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8149f64fa9234d2900fc1d97a0065bf2`
SHA1	`5a14d22c3f389a6020000c63b223d8c8efb37abb`
SHA256	`d5bf871eab8501924d8114d0af8d416a73d83d183fc8ebada0660fde7af6bc6e`
CRC32	`D83552C4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c46d9a2603bc5459_~DF79BD03255AD00B0C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF79BD03255AD00B0C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`75900f0b6069a8b85dd1e5f7f3528e31`
SHA1	`8fab7c169ee0425d7a7666fc7743bf5a56bc76c8`
SHA256	`c46d9a2603bc5459d5dd56c340116e1427fd3cfacd6af51373b92ba1b04953c1`
CRC32	`75B78E09`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	80e9ceb7b31c8eb4_backup.exe
Filepath	C:\Users\Administrator\Favorites\backup.exe
Size	40.4KB
Processes	7340 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`174c5d05bdd8601d551f294ee113eb77`
SHA1	`d915b640642349e0d395b5dfa14ccfc3e35986f0`
SHA256	`80e9ceb7b31c8eb45c47385b95ddf8889de8c9bfc80f9be65e19e41a874d14c7`
CRC32	`7161CB93`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6f66d4dad321798f_~DFF39D0F6A59CCC540.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF39D0F6A59CCC540.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`34931f13e9999ca6496ff47bcdac9900`
SHA1	`2428ca1def5e1185fe92cdeddd9d7287b73e6f3d`
SHA256	`6f66d4dad321798f43c90e0c64a9bbe2d7c21c55cd54db75966a54c68908545a`
CRC32	`D6DA386A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1d68d23cddad68ac_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\backup.exe
Size	40.4KB
Processes	9116 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b4b927e6ec31b1d1d504d3275f7ca3c7`
SHA1	`f17b7114ff3c88d91def7852a33f88878013687b`
SHA256	`1d68d23cddad68ac7aec77271250e39676b3c21378ab6ac26cf15414297a1319`
CRC32	`29A8A87D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b327f7d7f1ff4403_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\progress\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0fa2cd4683a68b76731943deadb62166`
SHA1	`031b48c906d328a4bbc0b4bcfbf3a1ad31792eb0`
SHA256	`b327f7d7f1ff44034e0b8c3330587f607e5e612a760d8e4f411516e9add7ece4`
CRC32	`CC632A20`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	94687be780fbd748_~DFEB76A80C88D910EA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEB76A80C88D910EA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`99d7ec815de66cdde28f5afcb8924efb`
SHA1	`b6d9b9ec9d270cb6a96500b60216e993bdb0ccbc`
SHA256	`94687be780fbd748d2bf165936e6be3443cb15e4f3ec193604f6a933651e464c`
CRC32	`B3806311`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c9354463e6a00855_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\colorama\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1114cddfb3e9cfbd365f9e458db58490`
SHA1	`f766951b779b8022dd23d5d005d69f48c2df0ded`
SHA256	`c9354463e6a0085549e50bdad16ba0b3bdc86c6fc17322011d74d1f2dbd221be`
CRC32	`CB0EEE39`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5b785eb15e2b22fb_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`aea1c245cc10b87c6ad05b28ce5c60f5`
SHA1	`61404d4b8354220a8f98f5ea8850d5237b66d90d`
SHA256	`5b785eb15e2b22fbfe1c97cc026f752b48f57e55d893e7cadd82f86855cafe7a`
CRC32	`F8A74D05`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7ffe654b9af6a41b_backup.exe
Filepath	C:\Python27\Lib\distutils\tests\backup.exe
Size	40.4KB
Processes	6336 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d5284194835d048d491758496fa7b7b1`
SHA1	`f1d06193785ffd66882c19e4cdb5bcf6e36f047f`
SHA256	`7ffe654b9af6a41b9fdbf43cda309d3a346d57d8d1b1ce3a3a0bfefb86c12f30`
CRC32	`C6C7F82A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d811ba69c369a3f9_~DF94CE72E999280F2A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF94CE72E999280F2A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0698912db7a417ae70fcdb610365dd9d`
SHA1	`2cf0da67e08509481f33b1e9e2e8f423a9d3b77d`
SHA256	`d811ba69c369a3f9d95a670dad8fbd6e1f4ab090fa17dba77381450935d5306b`
CRC32	`21D99470`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5b834746d5550c6_~DF2213FB11B659FD3E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2213FB11B659FD3E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d8a91e5f2454090f3be5e7449178082`
SHA1	`79cc38ac3a4f4adac66218fd301c86032152c130`
SHA256	`e5b834746d5550c66ddb226c9c5dfd6f4b67119adae4a0b4544ed1d7aab83175`
CRC32	`DD7CCAA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	481bac793bb494b4_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\backup.exe
Size	40.4KB
Processes	9184 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b5123c816d62462dc82067487cbd3455`
SHA1	`84b2dcd3603eace016f87a715a4a9d0236832982`
SHA256	`481bac793bb494b4a4add69865739476bcc3beccf11b275c06d38c34d441132e`
CRC32	`B14064B5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1782cedbfacbb954_~DFEBB5A936B7C91B3B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEBB5A936B7C91B3B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`efe6847afe38acbf0d4298418c3d0fe8`
SHA1	`ba7c474242dfd758303bd96eec6e522f9237b769`
SHA256	`1782cedbfacbb954690e1e7b1242ca512169dfe9916308f3dd772d8dcdc270d3`
CRC32	`EC0C501A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b33c07c026fdc2bc_~DF83C84447E8DB53F3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF83C84447E8DB53F3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ef08777d0bcc8d1f354ca2152c83dffa`
SHA1	`f11644b0d1c33e2369bff44273cf2467886449b0`
SHA256	`b33c07c026fdc2bc768e5f1d02966a7a8fa40e353219faef2e2fd23f4cbd48c7`
CRC32	`C5EB425C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a0621f068d31c7b5_update.exe
Filepath	C:\Program Files\Windows Photo Viewer\update.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`929d09de0c8fd4252fa69685ccb83923`
SHA1	`567ff71042b87b1ffa9d67c4d580121a65c06fd1`
SHA256	`a0621f068d31c7b567d91437b4aefc1a98f6b3d60b1db15721cff79bb928540f`
CRC32	`2EB97A11`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49a63c25685a3e44_~DF4A146C4BCB410727.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4A146C4BCB410727.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6440323a4171acf6fc592b663538ce78`
SHA1	`87b72290bcc25b4208d40cc5dbbafcdcef351e8a`
SHA256	`49a63c25685a3e440d2c94ceda27e4bc4daee2cf73d5c844941d504f81d4e456`
CRC32	`CF97D2D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0fe8196737cc88a3_~DFBFB775D276317D34.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBFB775D276317D34.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a8e26864b7ebae234139d46822f435a`
SHA1	`f39b9b02e26a9af5e28de9392e132d75007a444a`
SHA256	`0fe8196737cc88a31769a9aa0b1ec3b25327d6d59f514e98996946f2a1acc407`
CRC32	`DBE16A85`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4431879df1af2698_backup.exe
Filepath	C:\Python27\tcl\tix8.4.3\demos\bitmaps\backup.exe
Size	40.4KB
Processes	11192 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9878f0c89d1017bec795b0ee83be960c`
SHA1	`a43fc8b1b3bfa373bcab17f4796b58afee3d5e91`
SHA256	`4431879df1af26984e325fac608b83a7a4d63a8413e9ded528a4c4c6b1fb7b36`
CRC32	`9460A72E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9e4274e3b4d4a2a3_~DF0EF220DBF990ED09.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0EF220DBF990ED09.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1aaae201987ad5d4ec7e665b2edd2a95`
SHA1	`b527795d02cf0d27251d774921543e87c6b6c5b3`
SHA256	`9e4274e3b4d4a2a3514d98b87386378b1586fa70fdaa441f6ad68f9a4c976397`
CRC32	`78ACF002`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0b73acccad142b79_backup.exe
Filepath	C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe
Size	40.4KB
Processes	5700 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0126087fa41d49590d1682e0f7433169`
SHA1	`7c5f77a24435a173911a257c2b1c2593c2622f20`
SHA256	`0b73acccad142b79c8b12c2336af23451c48af0ce3b00c8b8ed15bc7e2958bc2`
CRC32	`5DF56858`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a057afb79601fcc1_~DF522D56E0EF2797BF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF522D56E0EF2797BF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`afd3b82648ff3d6af6cfbbe8df31efb4`
SHA1	`386c530cb5aa1fd843cd55d366e63befe60ef275`
SHA256	`a057afb79601fcc1214ecef36a3728b234f976df48a092a3f9b7c26d4566d26e`
CRC32	`D90963EE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd99516146624a00_~DF6BB49C6E1116C355.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6BB49C6E1116C355.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`40631109e35cd8afe7f87df3131bed67`
SHA1	`ead6e40ef648aa00b000760b9af2905cc300f449`
SHA256	`bd99516146624a00a0e8065ea28fbb0054dc5792e5f5a45a80046e295597a3bc`
CRC32	`7761F6CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f9bf867876cb3e3f_~DF4478926642666C77.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4478926642666C77.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`95bf02f619be91a5fd39f8f4e735317f`
SHA1	`aad24d3314f10dc3a64c4a43e2d955d5105556db`
SHA256	`f9bf867876cb3e3fac0fefe1c3c6077d71a46c73038b9e3fe2b231102715ebaf`
CRC32	`E0A122B6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	63e5e073cfc61481_~DFF784BB71F4DA6584.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF784BB71F4DA6584.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`18a2a8c4d44cfd5d0b4e717320b0a71e`
SHA1	`3ba02e4f8fb5181acf2fd5291d2029bac8642260`
SHA256	`63e5e073cfc614818c9477bb3ceb0e9336476d5d32fee730a32225ee1e8a65e0`
CRC32	`6FFABBB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	be407a7a2c07a77b_backup.exe
Filepath	C:\Program Files (x86)\Windows Mail\zh-CN\backup.exe
Size	40.4KB
Processes	10680 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6e180fb2cc1ec9cee53a4849f19d0988`
SHA1	`4556682c59903370c1c277b47aac91bf8b8e5c8e`
SHA256	`be407a7a2c07a77b138adb81711c9f26d59856fa3b1382e684bdec00c3397dda`
CRC32	`B8C82585`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	59169b2d4e6a871c_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe
Size	40.4KB
Processes	9768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`23736ef043abe7a659eab8744cad9c0c`
SHA1	`1d2589f42aba21525b387bff5daa8463851e81ee`
SHA256	`59169b2d4e6a871cb22dc8b031a6b2d86631d3bf7c27b825db21ba2e4908358f`
CRC32	`38A272A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	842c5adb6643adb1_~DF1A540EFC026EAEB8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1A540EFC026EAEB8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d03a4bf77aaa0700dc3fa269aa629f2`
SHA1	`635351d6b67c96457185ad253bb33d063813d7f9`
SHA256	`842c5adb6643adb1fb867d4e34079cc79231a754d21b2075a613bb7d77151975`
CRC32	`CF408703`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	78273b1ac485c146_~DFA8210921033B6E2C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA8210921033B6E2C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a42adc9a1b3f6890123d9da62a8621ca`
SHA1	`a26e1f365faad308e462cfbe653aef69907c88b8`
SHA256	`78273b1ac485c146e96f352bb59c4a86dbe0112221ce9e8dc4a119e3daf95109`
CRC32	`30660CB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3b064fb437c27da2_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\zh-CN\css\backup.exe
Size	40.4KB
Processes	8736 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8f779abfc10a362ae1316a1f4202510b`
SHA1	`b0f2f5917726b7914ddb3a9f2df3b561cc905769`
SHA256	`3b064fb437c27da2912ccc91ef3c75641a7198ac2a99d4fb0488d46c7764214d`
CRC32	`A9508975`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fafecbf6f556b309_data.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\data.exe
Size	40.4KB
Processes	10256 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b1a65aed8ea4c99e6fd9a28f85495ea7`
SHA1	`96b80a8cdd9f6dd301137ebc37b4fb18d08fae91`
SHA256	`fafecbf6f556b30924f170358637419eee54a6ba7236a9119398815ae2de727b`
CRC32	`5C35BD9B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ca45d53400936f5e_system restore.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{0A270244-F7C2-4fb3-9656-B20812C44A07}\System Restore.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`984c48e35528ebaa6f0fb679ee459a98`
SHA1	`16be9bb80cad9926aaf56613a505bf71508752a8`
SHA256	`ca45d53400936f5ecaef82129cfa50a42dfe836cc22eea4ae154abcc43833d6a`
CRC32	`D6EEDAF6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	76cc146e38ee35e1_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\backup.exe
Size	40.4KB
Processes	3120 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0a4c6003d15b2477229551edadb252b0`
SHA1	`5101fabb43c1235132b8bb4a9163edf24f53ee4b`
SHA256	`76cc146e38ee35e1d7a51d8228eba146fb577793ba30fac4d62cb45f76842cca`
CRC32	`3F3BC1B0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	86a1507eeb8d25ab_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	11588 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4831be05ac06dbf78f36cc0e2d050bdd`
SHA1	`5d963c173752526d2875771b2ed52c5ca28d8673`
SHA256	`86a1507eeb8d25abdaafafd9a76ca771a27f95bcf3e80fa2c53510cbd7540847`
CRC32	`DD347798`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62b8fc5f345461e2_backup.exe
Filepath	C:\Python27\Lib\multiprocessing\dummy\backup.exe
Size	40.4KB
Processes	9060 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6a11b9469e8b268b12a41067a992591d`
SHA1	`69f04f0a02ec18336275bcd2faf2f10fc0a56cd3`
SHA256	`62b8fc5f345461e218e1a9cb3c8fe010d212f45bc3ffe75e239256abece2f217`
CRC32	`2891472C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29b036da18e02d67_~DF280B7B902398DD7A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF280B7B902398DD7A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`afeb05537c235734ae415ed6a271ef5f`
SHA1	`7b72ec6e02617611ff8a844fd62d2eadfd85a1f0`
SHA256	`29b036da18e02d677dbe4a593d5eb981bb0504a45e4bc65f5606149482e54bdc`
CRC32	`29BE5448`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4179c73491f259fd_~DF9F463C0A9EF30575.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9F463C0A9EF30575.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a601e27ef3c30ae579074cc5d0bd5603`
SHA1	`c8bd464838564c5aac0386f74768388170de6ee6`
SHA256	`4179c73491f259fd30ad136b72e7ae0e5e24a1de0b7ab9183a4b2f00105259b7`
CRC32	`40E8ED0D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c242dcaff656519c_~DF15ED5DF0B8DC3F0B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF15ED5DF0B8DC3F0B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`04975dcdebbd87703a5ce153e274978d`
SHA1	`967ee2e3de4820d44af31263ca7ce2023dd151a4`
SHA256	`c242dcaff656519c00911792ee1005d0956a063394dfa645486c46e5e9f43b90`
CRC32	`8C1A008C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5b834746d5550c6_~DF583D5FECB45A6003.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF583D5FECB45A6003.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d8a91e5f2454090f3be5e7449178082`
SHA1	`79cc38ac3a4f4adac66218fd301c86032152c130`
SHA256	`e5b834746d5550c66ddb226c9c5dfd6f4b67119adae4a0b4544ed1d7aab83175`
CRC32	`DD7CCAA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d7de169ec233e28d_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\aNpKsEpSsFyBsNxE\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`87d78b7380ca077f19555f39fec7f120`
SHA1	`3e266da1a45790b66826bd505532d7d37e52c4ff`
SHA256	`d7de169ec233e28df03e459065b16e5f02ac1b39d29dc88a723be5c89f997afa`
CRC32	`9DEA0EB1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	66bff0c8d0bd2d7d_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{9353DF3E-6A9B-4c98-9DEC-C29C75807DD7}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d662e3f9bf8533c4965f728f30ab7ea2`
SHA1	`6044418bbb60542bd4b5fd850524fb87be67f6d9`
SHA256	`66bff0c8d0bd2d7d1267175c9c4b2a8101fa7592f951bd9fd50413759a313948`
CRC32	`1E398B76`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7ca2a65c6f0b24cb_update.exe
Filepath	C:\Python27\Lib\site-packages\pip\_internal\vcs\update.exe
Size	40.4KB
Processes	8812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f2e9ceebdba4cb116576e5dc55960143`
SHA1	`76f8e9f515a4695f049f413663582b7320f26313`
SHA256	`7ca2a65c6f0b24cbc7d1f1ff9d412324c5c8184b56dabdfc17501762a7d5a5b2`
CRC32	`33476D03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	46d51001a5a65cd7_~DF2852727A94685EBC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2852727A94685EBC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`beb305e6ab994f3bb566bd3d321c0a67`
SHA1	`b99741d3967d8df2ec67340662de192c15cc96df`
SHA256	`46d51001a5a65cd79fed0894635807e8e67f92a7f765e75eb91bc941a54f7d0c`
CRC32	`DF50BAC9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ead95d0ccace12df_~DFBAA021E4D12F475D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBAA021E4D12F475D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0cadc6d1ce58cd5a5009d9984c268eef`
SHA1	`2a2be63a66c410863301c759f8df18cff15b6bd3`
SHA256	`ead95d0ccace12dfa9c3d44b68c5312b8eed2fb1359cbe1c90bd023180eef366`
CRC32	`21600C9E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	940602da332d9fdd_~DF2D36324C14558F91.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2D36324C14558F91.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`16b7336ff1637418769de78cc27afc1a`
SHA1	`ffeaf0eb832a7f6a661bfa4689668adcc5443024`
SHA256	`940602da332d9fddc655a5d35d41b9c53e58db135e54d6de8715dcb57b3b7194`
CRC32	`5C4BB5A7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16d466134c2f6baa_~DFB39E96CFE60553A3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB39E96CFE60553A3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4b8f91881a2576afb2266b8b96c7ea97`
SHA1	`5029b30ec4be9262e98f97772e90914577c550a5`
SHA256	`16d466134c2f6baa0abd631259da2512362addd9f603bab222e6189a0417ad55`
CRC32	`F29BEC48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6db66feb882e4bea_~DF17DD9F915A64F7DD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF17DD9F915A64F7DD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fd73603cbea1223643d36dd461167513`
SHA1	`c6e80bc54bea75ba0ca35c5dec6ca1ab916f15d8`
SHA256	`6db66feb882e4beaccd4b6854fa2fc75c5b307020608456652283726a25f5c43`
CRC32	`017FCD85`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b462ee16b5f66f_~DF61A9D672CEA7AF70.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF61A9D672CEA7AF70.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c39b69e038bd43be98face96dde27f16`
SHA1	`d504f786ebf1e1b65c728f793f4609ce5fe4f066`
SHA256	`d8b462ee16b5f66f4d5a89864a42b18592be94e701e7b1efbd98fc1c606170f2`
CRC32	`1B51FB69`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5d347c6a559dbbea_~DF054EF5E41F59243E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF054EF5E41F59243E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`38170707c34a41ba9476ede80ce16289`
SHA1	`37edf9f10b7d9103fa599681f24423d7b1e79f8f`
SHA256	`5d347c6a559dbbea42e34414bfa1cf5ec5b39bcca7905107e4665cfd39d6c06c`
CRC32	`28EED607`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9143ceb56d988c86_backup.exe
Filepath	C:\Program Files\MSBuild\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cda74201210f79d70bb2d95068fc6479`
SHA1	`95df69fe94b42613e62d4b0febe6d339498ce6dc`
SHA256	`9143ceb56d988c86f3f924be7831f1de7fda4897d00a97111cab74e7991f2428`
CRC32	`91691B07`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	709a5f7468b4ba6e_~DF84353014EF83C7BE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF84353014EF83C7BE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a1316066d745db98167eb1dc2341a296`
SHA1	`271bcb0912e944be1b07d69d5a8f98d695016371`
SHA256	`709a5f7468b4ba6e67e5f18764a84755a968c6d4b3236fe02595c9ee3f458f6d`
CRC32	`F5D46958`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b0796db86c298700_backup.exe
Filepath	C:\Program Files\Common Files\System\en-US\backup.exe
Size	40.4KB
Processes	4424 (backup.exe) 4536 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b48bf746a25dcf74cdc5e88fc8e6ad14`
SHA1	`ed463b97634fe885767e7ee274e72094b5148946`
SHA256	`b0796db86c298700bbd877ef83526930dc622df95da0ed6a82e60fc895ccc2c0`
CRC32	`435F230B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a5ebc96cec48a7a1_backup.exe
Filepath	C:\Program Files\Reference Assemblies\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`65e9cf541faecb636fedd90e3c570732`
SHA1	`73de99efc2ddea68b11e3fe332f20cdfb2021582`
SHA256	`a5ebc96cec48a7a1e3da1798660e6ec8ef1b0f653208dc3f5f0ec79e66038852`
CRC32	`7F677A2B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9e0528c822ceaf22_backup.exe
Filepath	C:\Users\Public\Pictures\backup.exe
Size	40.4KB
Processes	9924 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`89be126e094a1420e587b326b1cd22ed`
SHA1	`49d4866871394d905335c5540fb84dfdb1f95071`
SHA256	`9e0528c822ceaf220568e5919af12c0f086df7833a1a6101ec88b11d102ccd05`
CRC32	`1464BC2B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fd1251d79070a9be_backup.exe
Filepath	C:\Python27\tcl\tk8.5\ttk\backup.exe
Size	40.4KB
Processes	11776 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ed2676eb6d07959eef15f5d836b1de1b`
SHA1	`ce30c8a27004144c638078f8428e14378c156bcf`
SHA256	`fd1251d79070a9bebed6c0675d8d73ac7bf2f9c28e09dc5fe4340c5c1c7697d9`
CRC32	`5043A53F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	60cbe6758830ee5f_~DF0D471AA23BC9222E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0D471AA23BC9222E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3ad7a4ba62926a36dff1f87c5b42c1ff`
SHA1	`bca94909e985af4e24eefe4616492e6d2ff4242e`
SHA256	`60cbe6758830ee5fa4703e55bfb14d06aed7c20c6f39080839bbcdb4bc4a140c`
CRC32	`877E5BC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	44aac8001a29b4d3_~DF54EC86792C7A50AA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF54EC86792C7A50AA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`877ad998d50cfc13f909ca6eb7bba0c0`
SHA1	`9c48e97112883a8c4c3676d058de61320a776111`
SHA256	`44aac8001a29b4d3c287b3078315c88abc1fec01e8035d67cc5b8a30ce0d943b`
CRC32	`ED373405`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dc9a473c543e9087_~DFFFB07E823D643672.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFFB07E823D643672.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`aa268c5fcc8491eafabd20ab9adadada`
SHA1	`e1fb4c6f6ea95214c773dcfac35167de950d9254`
SHA256	`dc9a473c543e908762e6b6917532962cd439e1515a2bebd0a96c9e4bde50d57d`
CRC32	`121EC86C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a494a6c83c358901_~DF5A9CC60E67FF835F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A9CC60E67FF835F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`40915f952ad16a8669e5f2cf37d1abeb`
SHA1	`cd025f96bea80c38fdcf4227dee27b677f5137db`
SHA256	`a494a6c83c3589017b7abe1f32a370dcba73cda91441f04918a3ac340f348d5e`
CRC32	`36344925`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bded8a91931c93b6_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\zh-CN\backup.exe
Size	40.4KB
Processes	6716 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8a5f37b5cc9228bc7aef38afaf332b7d`
SHA1	`7683dd4d1e63ce04cbc57bc99a3a2987cb24a555`
SHA256	`bded8a91931c93b6a8b4fa9cb4458a999b35d6da858079b73d21021fb3fc5c9f`
CRC32	`3381B203`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	801092e46b5f3dd3_backup.exe
Filepath	C:\Python27\Lib\backup.exe
Size	40.4KB
Processes	6004 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ba26cc14d0b07e2a8c307d2431a213d8`
SHA1	`8b7d1c383b327af5820a10edbccc5c8fcb6bcc06`
SHA256	`801092e46b5f3dd35024ad2ffb53df8beef0e704cae7b0c9c5363af3057bc1da`
CRC32	`3DBA898B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52ecd8a556a38216_~DF418C94D9C390127D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF418C94D9C390127D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8a60d4367b47eaf0f2242af0c2693482`
SHA1	`9250a547ca267b8f12482cf35cc21d484233aba3`
SHA256	`52ecd8a556a382165452b5f85f804d94d3d5e347758ad90f915bc1461fcdba61`
CRC32	`C2C212FD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d014562b72c7246_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\Accessories\en-US\backup.exe
Size	40.4KB
Processes	11488 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`257f128351d84957eac9f9891b626861`
SHA1	`b4bc1be875910311a3628284104e0d77175a3171`
SHA256	`4d014562b72c7246a948e2c49eec6f448480c89f90c5913cf7a3c610287d67e4`
CRC32	`B1D3D4AE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c2db0eae9660e05_~DF53E6E65A90B19848.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF53E6E65A90B19848.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a5c374ae914a83f409ef705cba4da717`
SHA1	`684a2e80c6a4673291afd3783f9004ca8d8658f4`
SHA256	`6c2db0eae9660e055987cdfaee6f95ae01e52990f5fb43372e603ee19e57ebb1`
CRC32	`FD5DA0BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c46b7cbbde9df74e_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8a793227134355dde550385ea0072bf1`
SHA1	`e46a0250d6f507a29e21438af08a7a5df3cdbfc1`
SHA256	`c46b7cbbde9df74e6a85974028215268a0b8167d076c6ce16df8c3d0c6a541af`
CRC32	`F3654E2F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32578a25bf2fce49_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d8fb612e508f7a5cf55ed3a60d0cd219`
SHA1	`306980cf2048776e2029a62a7ed67bb14fede472`
SHA256	`32578a25bf2fce494e144f48f932adf155dab18239e8e33e1b23d7b182ef8939`
CRC32	`C4752D16`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0adba3ae451b2075_~DF04FBEA9EA1BA5493.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF04FBEA9EA1BA5493.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`92ecbc36f12d9860446a5809206f5e6e`
SHA1	`d036a9833b202d81acfae62f12e3c3e20485e17a`
SHA256	`0adba3ae451b207581a1df8736e60c052ce159fd2e6474b9271c3de35115270a`
CRC32	`29D87B48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e665702c7947a147_~DFD051A7F980D7C164.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD051A7F980D7C164.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`36ad9cc8906157c5a11bf99156a1dbe8`
SHA1	`a4ba919e584d5f52a08feb13df2b03a98a1a05c4`
SHA256	`e665702c7947a1478b3e837236ed298aaced91f970535785852220848b53b088`
CRC32	`6091E71A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd2b033d918ca996_~DF64C8CC9313D7D5E0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF64C8CC9313D7D5E0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`193e04cc389cd77ddb3b94651a3f2951`
SHA1	`904463bad1474bb4ab2006e2ab3bcc30bd29c8ba`
SHA256	`bd2b033d918ca9968646654d9b77c0efd3018a9106d38c3d49159b310e4a93e3`
CRC32	`C5CA0841`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0aa15b870f2f312a_~DFC8275ED5097E3E54.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC8275ED5097E3E54.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4fc08b8062a0d57fefa659739caf4970`
SHA1	`e6e3988d07651046dfd97c1534aa4a9bf1cc3405`
SHA256	`0aa15b870f2f312afb751a7daa9c300b588d24332a76496af6f745042722bec7`
CRC32	`57E8642F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3f84c472c56e3f9_~DFC660DE14CCD54D79.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC660DE14CCD54D79.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fc3919f758bdaa86e7bfe278382fd13d`
SHA1	`9a80aa477772b4208ca7ee8091049675481ae79b`
SHA256	`f3f84c472c56e3f9790885d00bf2a357c2d7584b9cfc7b89dedac84e71e7d440`
CRC32	`A8B7446C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2687981aa160641_~DFC7F278737B1EBBB7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC7F278737B1EBBB7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`663804e2b228a16d502e1e575797f8fc`
SHA1	`da0e2b5a43fcb2693ab3f97af19d676a2cba0213`
SHA256	`a2687981aa160641e45755d2496b8e474e8f4bb8009d3e7228a4eb2024d31742`
CRC32	`50EF67DE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f41227fb55f89938_~DF971990C2037515AA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF971990C2037515AA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a6c5ce65c529555d8fc2400c64435751`
SHA1	`a3f61925ea59c6094de9561547253676adfa1d94`
SHA256	`f41227fb55f89938c038dc7e5b0b545a78b4cdbbec115bf6b3e1f4c986fb6671`
CRC32	`D62786BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1fb51e48efcb04f0_~DFDCD5CE28020C6242.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDCD5CE28020C6242.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ef8b08ab2dc0973906b1febb0dd13a9c`
SHA1	`bae2803b34ee5808391e26dc4c877c68ae6ebea8`
SHA256	`1fb51e48efcb04f0f68bb07b99d98aacf08fdb87a3f979a263aae9d5de358d1d`
CRC32	`69CE46E2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39db7f995eaa28b3_~DF8F3C6735F9D96D53.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8F3C6735F9D96D53.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`547d7432b5a726e2989bedb5164d1afd`
SHA1	`5a1f9510e9707844f828fbbe4e0a0f4c2425b92d`
SHA256	`39db7f995eaa28b38ebd97dba0702b529e14c109215a4868fb10966b93909e16`
CRC32	`9248E188`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	35e71c2d7104ef1b_backup.exe
Filepath	C:\Python27\Lib\unittest\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5bc9c73e62c774c4c101f20b1d46c7f3`
SHA1	`08e834ec851ef115c8008fa7f23656a9432da024`
SHA256	`35e71c2d7104ef1b47fc9eff3fda3c2141920650ef48b3f1e8424fd3c64ee13b`
CRC32	`F91EE010`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43e9ea466ce17802_~DFDBF06D56023EF81A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDBF06D56023EF81A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9ef00a842ed827a95ad53b1d4a57fa6c`
SHA1	`2ae10905918bf2ccc7552dc96481b21f76d2fc34`
SHA256	`43e9ea466ce17802ad9996eb11d0dff5c87050558757881d387594444f0b3260`
CRC32	`A527E437`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	320ae188cb5dcb43_backup.exe
Filepath	C:\Windows\assembly\backup.exe
Size	40.4KB
Processes	9424 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`69b1edd45d25d3cb369f1367af9d8db0`
SHA1	`85a9694b1502a8d8c5d323f67f30c59044c78a73`
SHA256	`320ae188cb5dcb438a26d86845259a8c53ca162a159bab3c6660a77cdc98708c`
CRC32	`B08E3691`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c7a218a078fa983_~DFDCF8BA671EE4EDBA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDCF8BA671EE4EDBA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2a2c5b776037479c03fd5dbaad0286ce`
SHA1	`167f64c4f83b8720a49ecd9f3204a2ea3c8bee42`
SHA256	`5c7a218a078fa9837291d93263cf2a9adc98e596ac203c0208dfa363d5d0b3a9`
CRC32	`74210BD7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a17f59b8ab06f856_~DF2114F7BA415CBD15.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2114F7BA415CBD15.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b24581a42e0742e458dfc8ae764a44df`
SHA1	`8e8ad2b85ad6b2c7acf6e3d9e422a22448378cb6`
SHA256	`a17f59b8ab06f856fa650a7c9dd7e2f1d4fa960272c6584a7fcb68492915d988`
CRC32	`92143902`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	71b3ee0e314fe0df_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\zh-CN\css\backup.exe
Size	40.4KB
Processes	9364 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`01e6e824e0022ce06c7775cac281caa3`
SHA1	`bed7a52aff3bb65cc020aee0b73cb320aeff4389`
SHA256	`71b3ee0e314fe0df30f73a5e145ab2cfbe44eef2bde772876bcab3724de16bbe`
CRC32	`8F034C67`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4597c42553a6c022_~DF562EF7D32509F171.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF562EF7D32509F171.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ca6c1919bdb00bd79faba6905675fe99`
SHA1	`29f4e45b66fba55956cc99907f06bff1e6b384f2`
SHA256	`4597c42553a6c022b8e209b81aac8c06646e4ffc4ebc1cc711446eca82653f35`
CRC32	`EAD26318`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c389af206e3d811_~DFD705254158252112.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD705254158252112.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3c4c6f0de256107c132dca4a904364fb`
SHA1	`a8f3c8d7b8fb42373952ab3447160dc4e4417aa1`
SHA256	`6c389af206e3d811acc719de08ac4d36f02dafd420b57442d93cf2b6f4956abd`
CRC32	`5BEA116C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32cf3fd61eb823ac_~DF4335B4B746937990.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4335B4B746937990.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bafac6389ecd7363ffbcd300d02b81f3`
SHA1	`113f93897c7b19c49b51102e38fef935d6dd1d4c`
SHA256	`32cf3fd61eb823ac4bf83fee923d71a646ef0d0e28b959160f29dd91feeb8af9`
CRC32	`709DBFF7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	877ebcd204369d8e_~DFB08F7D34CBEF43B9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB08F7D34CBEF43B9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5750436d9f9f70a6d49077503b06596f`
SHA1	`ecc3d832d4671dd1c5561cfa14684e428836d28d`
SHA256	`877ebcd204369d8eb6ee20134c2c8db7f18de7d166391e6ac4cbeb31068cd072`
CRC32	`AD52A67B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	72b0ec64590aa533_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8c8a8cba83299af35200b8d6976a4c47`
SHA1	`afe04802859674b2486229df175cf58c51164c7b`
SHA256	`72b0ec64590aa53384cd7d1416376e780ba481e9cc0ed12059e7d81bf3562fae`
CRC32	`EA79DDD0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b769a4c490565a3f_~DFDEA89F971CA501CF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDEA89F971CA501CF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15f8fae34343a8681b708ace3275bdf6`
SHA1	`6f8beca339a7949e29a41a515f868da87e7db28d`
SHA256	`b769a4c490565a3fa28aba0ead3d54055349dd067b875c0499a0d8b9c6cccd86`
CRC32	`99809712`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e19350249930247_~DFA8DBFCC7AA3838D2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA8DBFCC7AA3838D2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`80d89ec200d4540b8cefe6a0e9eb0f5e`
SHA1	`e0d5d41a18cffdf2e3b5e38ec030d67e6733f644`
SHA256	`5e19350249930247e822d90d389797c0bf5ff294056f0e89ddac0106986a3679`
CRC32	`BE41EC36`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e1f26330a386e6c9_backup.exe
Filepath	C:\Program Files (x86)\Internet Explorer\en-US\backup.exe
Size	40.4KB
Processes	8044 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9bb8c3bc01ccd9a1b992fae4be461fdd`
SHA1	`c327d7e3d1c5c91fcacd25755f4d7cd94e98c63b`
SHA256	`e1f26330a386e6c9241ace4aa1f202d9fc2bfdecc826936d6e4bdd578fd044bd`
CRC32	`54D323D3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	07ae34bf023280fe_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Mexico\backup.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`22d40891499bd3b2cbaab836762fe367`
SHA1	`e181137805b92a139f74f872c6a07cdd8f0855eb`
SHA256	`07ae34bf023280fe62ee32b1f993ad5aa89e10e6497445c1e828c814bb8dc904`
CRC32	`93FA0AA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6147ec407e3eddf2_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\TableTextService\en-US\backup.exe
Size	40.4KB
Processes	11420 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`96edd50e663fa140e147888e8ec434f8`
SHA1	`f9c295ec65102717f0fcbb6acdc78ac0d48fd0b2`
SHA256	`6147ec407e3eddf24460f827eb616da4669dde1b830af9eeac9c9cb150d5ff44`
CRC32	`2AF85788`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4fcd6a24de1b753d_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`126bb54672c4c96b812250dff1566d6e`
SHA1	`57513c09f7f8616176d1a0cb1d36118f92648690`
SHA256	`4fcd6a24de1b753d7698499dcdbcb702da13f8675d6d49b57b83f62232583a7c`
CRC32	`87A4393B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d469889d3525ab4_backup.exe
Filepath	C:\Python27\tcl\tix8.4.3\backup.exe
Size	40.4KB
Processes	7400 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`117513f7e7c84d55899337efbf8de6c6`
SHA1	`5d4becd9312b9e19d2fb5848d65502eab6f0c85e`
SHA256	`3d469889d3525ab4bffe5e9d2947ce79e0be4d014e344fa2429a242161968620`
CRC32	`41572E7A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	907d85ee93471e74_~DF691702A965F868AD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF691702A965F868AD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4fc58c8c55a4e040e86a2f1cb7efb1e6`
SHA1	`23479e7fb4bac6e09fef1eb2c0bbb0b60160a6fc`
SHA256	`907d85ee93471e74239849a709ff5ea34c907a2aaf0f0461766d1958b628d73a`
CRC32	`3E10AE59`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	207864c890aeade8_~DF10831EF67936A01C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF10831EF67936A01C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c00a6147d99bc95cc0df9e7fb5c11939`
SHA1	`5b25bd952a20a38713e833410e44a5035dd58aec`
SHA256	`207864c890aeade81207748acc649fceb6a28cdee837e01bb4a5775b2b481348`
CRC32	`F6CC21A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20e2059af828afff_~DF1939E64B58CBBEF8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1939E64B58CBBEF8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`53de9ed849365462257b17399d114ae4`
SHA1	`a09425b5fcb6c049dcafc780abd57b155db72dd4`
SHA256	`20e2059af828afff2bfc094a771521b95a0085f0bca2314162f7295b45b7af65`
CRC32	`3BC5861D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1410c3b28f69715e_~DF69A0E50E6A8DFFBB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF69A0E50E6A8DFFBB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3de308b0d49a3926758de692ecdd3a91`
SHA1	`c3d5ca12500674316f620d2266c3408359e88e4e`
SHA256	`1410c3b28f69715edf58278660cf60442724e989a0468c0fa68d128d69c71ecd`
CRC32	`8956898C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02b767f14c65ac27_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5554c53397c866f1716ca86eb7855464`
SHA1	`b4eabd7c952dd75466fb1809e00de00d89637580`
SHA256	`02b767f14c65ac27a8c231396676a1e902951cb32aca3b4be9804d6be7ef7aed`
CRC32	`6D01DB8C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7d465bea1efe6d8f_~DF0B8C0D107B430308.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0B8C0D107B430308.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8fd58d9985e91a37efd7e9de61b7acc0`
SHA1	`c1895b874714c6ab7074876ec0447501516bbd05`
SHA256	`7d465bea1efe6d8f4d70c811a309b1fb351e890fee6a6bba134f007f5cb6ac0a`
CRC32	`C68EC8E4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5622adc34453411b_~DFC7FC9938FB7AFF35.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC7FC9938FB7AFF35.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a1f5d0c1ee143499c7e1cf0bbf17e1e`
SHA1	`48c5ddcc4cdf145f4ee5e90ef399d84220ab5162`
SHA256	`5622adc34453411be68f70d31873c7cd6a48c9dc38d527df724099cb88756f01`
CRC32	`825ACB94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb5884e69f97f90a_~DF922019F3C62210AB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF922019F3C62210AB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`840f4a789083c5b7fc16871b64983089`
SHA1	`320af9476f43a6a85adc1ec992d3d160bb0b74ad`
SHA256	`bb5884e69f97f90a95b2d84551e9e5eea548f370a63624a6fe48dcc14ab6520f`
CRC32	`47D5AD12`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8389aab19095c383_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\Ludashi\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe) 9188 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4d04b2ed05a8bf519173714b363ab609`
SHA1	`c36b9e2308a42ed6d36369e1d66ecc6f251cee23`
SHA256	`8389aab19095c38378e74d05dae592732e216d7422af9188957eb5eca17346b5`
CRC32	`2CE1E795`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d0230e505b15a1e0_~DF5844D87D745D04AE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5844D87D745D04AE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2ddbc93c7c05ebdff49b9486d4e6eaa9`
SHA1	`dbe2a1d14964938c139da744925a7e31e4c95dfc`
SHA256	`d0230e505b15a1e0771c29ce88d93c5b671274c5bbd87ade935f00a6cd5d2e68`
CRC32	`7455AA66`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5745f6275802dc9a_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\js\backup.exe
Size	40.4KB
Processes	2932 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5871be8e263bcd66613fde130bed1c83`
SHA1	`1b8b9661d17eaa805282bb87b9ee564ac9b653df`
SHA256	`5745f6275802dc9a3df44d38b5b76c738093d4ab1698a000a377e5a76ebd4dd4`
CRC32	`B2FF93E5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2c54580a9bc0eb21_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\tzdata\Atlantic\backup.exe
Size	40.4KB
Processes	8916 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a0ff3a5b0fa35975a584f5fed18c0440`
SHA1	`d082efde4d8564eccfd792b15067229aa4a1bc83`
SHA256	`2c54580a9bc0eb21374292582a14822cfc1118ba65e5de62d3422e997859e541`
CRC32	`0AF35B1D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37a55b652438a3ab_~DF8CA70CC58D85C6C4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8CA70CC58D85C6C4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`11026e69dfb82a930fac46eb8714c7ca`
SHA1	`dc53054c20bd3726d5a07b416a5eac52fe9a6edb`
SHA256	`37a55b652438a3ab0e93a0c84118a9b435e86cf0ba71adaf9abbde6c1491eaac`
CRC32	`848495D9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	48db06bd9e9e858d_~DFEA934D7FD5133D60.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEA934D7FD5133D60.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cbd1d29eda70c5841319ae29a2ec1ef2`
SHA1	`6bab9a4a2086c0c243e3474b070134c98bebe7eb`
SHA256	`48db06bd9e9e858d1a5ca00ccaa33d94ad8dfd021922473960818cb7ae7090d0`
CRC32	`12AF8FC2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3473e6cc3b00ec0b_~DFFE92384AAE0D1DB5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFE92384AAE0D1DB5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`54c6b6865d6ea83e86e070846770b267`
SHA1	`a3e72e8606a7e2cd3f5fb601562fc80bada7b69c`
SHA256	`3473e6cc3b00ec0b82e1382dec2031bf7aa16e0dccc7973fbab6a85eb38b395b`
CRC32	`B7D6B3EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	935f90b60085e14b_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\dIrXrIzRxErSaIiN\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7e9f9104c8ee969714a4b74e16e6d1b4`
SHA1	`9856a287ece82cebef45602b647f12a18dd16617`
SHA256	`935f90b60085e14bacd778462451b0c9342e962890d3810790e6b384ec63e3c5`
CRC32	`038E9B12`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8227a8732c4c9e7b_~DF3408A34F5D729A0A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3408A34F5D729A0A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`50d44f3417c569c9f6b2ae5f28578869`
SHA1	`1664ade7c5de1dede734ca44555eee1c77519bda`
SHA256	`8227a8732c4c9e7bae9ca2f054fc958c0e2a0953a0eb048e92a76bc7aa1de447`
CRC32	`EA634AC2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	980326980fd7090d_backup.exe
Filepath	C:\Windows\AppPatch\AppPatch64\backup.exe
Size	40.4KB
Processes	10164 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2e76a9f655fad542f5c12bb6b4aeba37`
SHA1	`e37700fd0ef6babae6b246dd942ad2744f714829`
SHA256	`980326980fd7090dca438d06961ce42a01bf54aeec75b50e89c7ea0173872e01`
CRC32	`603E1F58`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	34d4e3c50feaa1ff_~DFAE2D9452BE6C6F19.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAE2D9452BE6C6F19.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`828449b5adf76b70f5a4024ac849e821`
SHA1	`e698ce071330e207580e4444c77d31d96324acb2`
SHA256	`34d4e3c50feaa1ffb56b25011b7fa2d6d1e144fac82c71140bce950d1efa5872`
CRC32	`CFD8D34D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8a7c7c63c4eed686_~DFEA869FBF7E455BD5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEA869FBF7E455BD5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`45201ccf07523a59aea1589e94a005d1`
SHA1	`943ab3667644e7afe60a6770c25c6543aa896bab`
SHA256	`8a7c7c63c4eed6868fb9a5f516cf2e3a51c5e5ed11df9d6612f6d5406111dc6d`
CRC32	`5A2B7225`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c6b041f7d716bde_backup.exe
Filepath	C:\Windows\AppPatch\Custom\Custom64\backup.exe
Size	40.4KB
Processes	8496 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`39fa590e24b44017dafdab209c816379`
SHA1	`061e0c82be4ac13cc18378b09cc2e2dc2ed59860`
SHA256	`8c6b041f7d716bdef0359728e6fb760348688f588be2b31ec832581e4ff425a7`
CRC32	`A304B80C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a7cb6222f6d7b85d_~DF9450327CB255A9D8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9450327CB255A9D8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4f70e116a738540c7291ee529ac1a1a7`
SHA1	`9741731e9538ca1fdba80b70d4f8691cd70ffe99`
SHA256	`a7cb6222f6d7b85daf071d4e9d7998481d47216ee36c780856d17438e320cb71`
CRC32	`05145881`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	22c3b6cca77b1a83_~DF1D8B2460B3CB6030.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1D8B2460B3CB6030.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`38c3c85cbc708c376c97a723398f89d5`
SHA1	`46ecfa50b0a0264565fea37794abbf71c96d65d5`
SHA256	`22c3b6cca77b1a835ce9256ee2673848c92d46aa6d6e5dd74b6295ad7fa92670`
CRC32	`DD2CC2EE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0beab781e273ec89_backup.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\zh-CHS\backup.exe
Size	40.4KB
Processes	6688 (update.exe) 6420 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d0e90a86b4d8646e552a8c31be6ecee7`
SHA1	`6bae74999aceb470b91e8ff9c813a6e2a21132ad`
SHA256	`0beab781e273ec89d2f20d35a46c5b3f8aa3e9183dcfad580a1d33f5d01ec7b0`
CRC32	`6EBD324B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e8beac414f52f858_~DF8B69A9B6CF99ED1F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8B69A9B6CF99ED1F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4af442f6cf3106f8d15c8070ffa5c483`
SHA1	`deef196a72574fcf0dd36f84da5ecda9ff2a9c19`
SHA256	`e8beac414f52f8583947e1cf36fa8420ade136d00a76b910817f19532715f517`
CRC32	`6E8C8404`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fba57ffd2ca3e52b_~DF453E5B641F50D87B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF453E5B641F50D87B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e8ebc51e081d34d788c1d81ec13c64ac`
SHA1	`4736407d19582b215ca505f18c36e83fa6e7039a`
SHA256	`fba57ffd2ca3e52b94eb9638ad35fcdb3fc9f6e5d1c5f3f13cab55814d64c0b8`
CRC32	`F62EDC9F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f7c6519f46e0b831_~DFEAC921E6B3523C35.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEAC921E6B3523C35.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da321c71cba3368a4c2a2e0660b47f8a`
SHA1	`2e8db22259dfe45ff0299a630ba366a97da485d2`
SHA256	`f7c6519f46e0b83171c5cd5042aa891cc2af45aeb2edc4b5dbc419ad6ba55b99`
CRC32	`3038F158`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	92515a6b03e4cd35_backup.exe
Filepath	C:\gcoxh\lib\backup.exe
Size	40.4KB
Processes	2028 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ada2980ee224227d7560fcb14a34ec4d`
SHA1	`1e7287efbe4460b3142bf46c4fde597da100423d`
SHA256	`92515a6b03e4cd354aa15a8046589e90c3eedaa9a75cd5bbc5957e73281012d5`
CRC32	`D19D3D32`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d91fdd557ac4d35a_~DF4CD1DA892AAEEEF5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4CD1DA892AAEEEF5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`eb514b2a5b61b47d8a6d4d7a3eda2168`
SHA1	`042f17d5e1ea02635b0691b576aa5c80d84c5a29`
SHA256	`d91fdd557ac4d35a4a38cfa6683bbe3585ee7fc033df8822ac64fbc6de7c7550`
CRC32	`1129212E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aeef142a3b8f9fbc_backup.exe
Filepath	C:\Python27\Lib\site-packages\pkg_resources\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`eb3fd52fa6483a89ac0901a84ca01bbb`
SHA1	`b9373f891997fc3898730d241952b33a1b56bc49`
SHA256	`aeef142a3b8f9fbc2c35f557f3636ac6d68e37ec9e0a1731421e331e7fe185a5`
CRC32	`A77341CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28ffd775113bc1ca_~DFF89CB6D4D12F7A31.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF89CB6D4D12F7A31.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`de3f57cf92a3184027149839249cfbfb`
SHA1	`3d2d57278244cac4c70701c1912e2eacddaa5add`
SHA256	`28ffd775113bc1caebf6c9a14d79da173f3c31f4e84fe5ecdd69a682f657e6b7`
CRC32	`90B1FCE6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	be7e2ae5186d1ccd_~DFC60E6ED39641FE59.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC60E6ED39641FE59.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9d396198ff3e04292bbba05189b29f86`
SHA1	`e70401bbb09a7648f53076968767dc6affc8a9f5`
SHA256	`be7e2ae5186d1ccd3369f24ea748fb087bed4be1dc5b7781bb3dcd8da7d28ff2`
CRC32	`07F7B60F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37f13c0cb332639c_backup.exe
Filepath	C:\Program Files (x86)\Windows Media Player\Visualizations\backup.exe
Size	40.4KB
Processes	10248 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`047dc5a9d98b486ac0b47843b5c0dc44`
SHA1	`4b3a0db55f65e5003f46adeb95c96bc7d1633657`
SHA256	`37f13c0cb332639c30a4edcfcd5aac2665e3e8899ac02983235684fb74a6fca8`
CRC32	`21C1743F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	add490e9efed73f8_data.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\data.exe
Size	40.4KB
Processes	900 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7d84ecaf4b25f442e7d1ed255112627b`
SHA1	`46ed0410a41a2649a9b6f7a01ae1b5a2a2fc98b3`
SHA256	`add490e9efed73f8a83f36518ea1af9ec94a7cdb4f7f89c9e73537fca15559ac`
CRC32	`DE0B0741`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a39216b487e298e9_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{0147F6D5-7F79-423f-902A-445D2C510FBD}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c1256a9d6cd89841bc1d844c69e08464`
SHA1	`9cd540b090457aa9e53b83b003570657271c53c2`
SHA256	`a39216b487e298e9768452c84550d89bf4aa8beda2a8427d02cc01d29964cbbd`
CRC32	`4FE78B4C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43977d8f232f518e_backup.exe
Filepath	C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe
Size	40.4KB
Processes	3604 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9a00e09a106d675e22a086763f194a22`
SHA1	`3d59f91ae8b3757753859ce547a7ac52696bbadf`
SHA256	`43977d8f232f518e4c5a7d9ad4d34667b2882e8334386737c120c1784e850849`
CRC32	`AF7390BB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f8408f7f52cfdb37_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b07ac946008f0627a405c0029e85f48d`
SHA1	`693bc44bcd63bbcfe31a5ab1e8ba36528c40f7e1`
SHA256	`f8408f7f52cfdb37b909c14e58657524cc0387b6cf2bdd78faa50cdf2f98c695`
CRC32	`61AE1CBF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	11d61674172bdae5_~DF9F7FD2E104460591.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9F7FD2E104460591.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e78f043815822d5617a5cd31dea619ee`
SHA1	`79ee175a1f25a757361ae94c96e36026e3894d7e`
SHA256	`11d61674172bdae5572e6b469a1d31f6b650d1425f6e43fc7817872293fff4e9`
CRC32	`DDD46D43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8cdc7e36c676f047_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\html5lib\_trie\backup.exe
Size	40.4KB
Processes	10264 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e49a874b14db19ce0e458dcc3d62e07f`
SHA1	`5f721a1178a109e6a22d4bd04ef7653babd82aae`
SHA256	`8cdc7e36c676f047dbfd11b6c345e4d21292890f04df8dd562caade07f16d8cb`
CRC32	`F9105425`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	71af3b2fc7dd1b9c_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\msadc\zh-CN\backup.exe
Size	40.4KB
Processes	7652 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4394671ed0cbe39fbf8ed122ccacfe59`
SHA1	`85b34ea730bf3477869b7bf513e7ab488a6ba7c6`
SHA256	`71af3b2fc7dd1b9c1d58a7a45cffbf5bc1107a3967a2eb29835be3321bc7a90f`
CRC32	`5954563B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1628aa3ad2836290_~DFBCDE9BFEC08F6120.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBCDE9BFEC08F6120.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5b829ddefda6b6e1fa27fbdfef4a9e65`
SHA1	`546bb76bbf3a17315e4f63a042026dc3ffef81b0`
SHA256	`1628aa3ad28362909341c867f35754fbb211238b58802ebf06dd61191435bc7b`
CRC32	`4FF09B2F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	51d47bdfc2a129d9_~DF0D06DB901B633FF5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0D06DB901B633FF5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`89ae2ee65c8fcde36edafa60bc0148d6`
SHA1	`adfcb5103dbce31a20d91888ff4fb98d69f78332`
SHA256	`51d47bdfc2a129d916fdcbaeb3fa7a3323f8b4e6b60c9362f9b88bc205d6c20c`
CRC32	`DA65A245`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23d11d67ed7a1c32_backup.exe
Filepath	C:\Program Files\Common Files\System\ado\zh-CN\backup.exe
Size	40.4KB
Processes	4940 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fe6cf05d7ee93a2958254fea59c3fa68`
SHA1	`cafc5d647325cacf26e7668825745e82e0688455`
SHA256	`23d11d67ed7a1c32eb82f2df2c8e73dcfe7bd472190ed55cbb33faf323eddf32`
CRC32	`4457CF5B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7e5b11dc03ec1a31_backup.exe
Filepath	C:\Python27\Lib\lib2to3\tests\data\fixers\backup.exe
Size	40.4KB
Processes	7180 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3eeffd49a9390c10b3ed678affc2c78d`
SHA1	`479b3168611eb51fc153c85d5ef20eb73ebdf1cc`
SHA256	`7e5b11dc03ec1a31c1b52ad32f66603a10fff1ddfa71fa0b7c644daa11b3ee47`
CRC32	`50117578`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1cefb8466e9656ae_backup.exe
Filepath	C:\Python27\Lib\bsddb\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`dd0b6a69f8b6b9f1ea9c37b2724a54b8`
SHA1	`5942df710151113a34bb6b197d6a07e2e2d8f106`
SHA256	`1cefb8466e9656aecf93e48365f1ffe83cd785d6cb18c9456d0ea0a2f0d7993c`
CRC32	`C270C0D8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d2cc0b68c25ae208_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\netmon\360sensordrv\backup.exe
Size	40.4KB
Processes	4948 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5d8a5f7fcc1aa739147a8686690e4477`
SHA1	`b315e9e125d2e453dd0ee01f315e601cf3c68871`
SHA256	`d2cc0b68c25ae208f54f4604483b4f47c52b390421af6ca12b5ca18fbc13168d`
CRC32	`5465CF76`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d092e5745cc5eb74_~DF0DF077C0D08A1A32.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0DF077C0D08A1A32.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e409688bbdb15f93b08fcaaed9af598c`
SHA1	`6501052d983089c756f6301db3b6a8de2112a589`
SHA256	`d092e5745cc5eb74cba9dd9f290005ca3be815af6654fbe76468260fb3d57336`
CRC32	`7D198A2E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	43b257a27ef6d5d3_backup.exe
Filepath	C:\Python27\Lib\site-packages\setuptools\_vendor\packaging\backup.exe
Size	40.4KB
Processes	13232 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`edd42b168e05ff9ce7bd6fb4e83e2603`
SHA1	`c96a9fab5684d304148c889e257ef871119b50ac`
SHA256	`43b257a27ef6d5d39f13345035193d67d1daff44075be1ffeb34acdcb6b4184c`
CRC32	`78C27605`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bb5884e69f97f90a_~DF45E01C2B28408088.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF45E01C2B28408088.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`840f4a789083c5b7fc16871b64983089`
SHA1	`320af9476f43a6a85adc1ec992d3d160bb0b74ad`
SHA256	`bb5884e69f97f90a95b2d84551e9e5eea548f370a63624a6fe48dcc14ab6520f`
CRC32	`47D5AD12`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	92fb177f67a59fd3_~DF387E8482743A7567.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF387E8482743A7567.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d280c16e04443a57c981193f4d81d272`
SHA1	`e3d7057991bde23b7139df067220faf283a9faae`
SHA256	`92fb177f67a59fd3f796eee2fd34dcd4c0c2ac65d85f705594025b9a16a54540`
CRC32	`DF086D4E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9047ae979b75ab06_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\uRuOtPjJdDrTmWrG\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d65985cc063986ba50ae3b297ef3ada3`
SHA1	`6a321f05b0ae0328ed3cf5f8de22ee1462985f66`
SHA256	`9047ae979b75ab06d3844f93ccd269bc27e3bdd4882c3be8115835e934b15334`
CRC32	`488A4F55`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9b0e776bc5048474_~DFC95521581F739638.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC95521581F739638.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32c67aefabe7d2ae7b4d618fe85c590b`
SHA1	`8c73ff5c90076dc01a66596d686ab26233f06307`
SHA256	`9b0e776bc504847456ce2bbafa9ea4a2b8ffa973d8e16c18988363887fa57efa`
CRC32	`3285BD4B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fe47f12c1c935528_~DFD4AF67AC8ACD2067.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD4AF67AC8ACD2067.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ec66d001b03ac4bdc147b8ab2d8fa4d4`
SHA1	`5e204c30083dabdfd9dd4d9e007581bd867fe311`
SHA256	`fe47f12c1c935528fed9380eb94eab556bcac4cc65c80f8e0175162fd6101eaf`
CRC32	`439C1582`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c2b408484c3cc8de_backup.exe
Filepath	C:\Python27\tcl\tcl8\8.5\backup.exe
Size	40.4KB
Processes	8436 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c8e17adf43a6726125abdd29482cf689`
SHA1	`358bd34f4a8cf704a95961b11eabf433fe894a9c`
SHA256	`c2b408484c3cc8de6a2a72ad7ff9bc7c31bff2ddfbe6f93106955e1b23deac08`
CRC32	`CFD2EF4D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3891ec4849346884_backup.exe
Filepath	C:\exsrjwtsit\lib\api\backup.exe
Size	40.4KB
Processes	2084 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8c244b23199c05db7cdf6d964ce258b1`
SHA1	`c26a2da9602f9f825624d256a94af0e4f06c7ac5`
SHA256	`3891ec48493468841dde64409b2c247f2def351bad8460eb536adb4945efa0b3`
CRC32	`63E117E9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	648949043b301039_backup.exe
Filepath	C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe
Size	40.4KB
Processes	8044 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`52edd176c20656feb32c4c162884e97b`
SHA1	`6b5d5039097765745fb5ce7a9898e42458b7022a`
SHA256	`648949043b301039fe79b85bc222316e74c497c2777d9f33fdf368022b870091`
CRC32	`CAB7B670`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	52663330f8fa8063_~DF84C4C6BBA18EC074.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF84C4C6BBA18EC074.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7cdeae110814aa109a344427dea39e12`
SHA1	`6107255ff358aff2b369ac56953f07774af3c8e2`
SHA256	`52663330f8fa8063b6d11e2db7b899ad24913adfa22d683365d32c77332de668`
CRC32	`FF115753`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3b9cf0482c491896_backup.exe
Filepath	C:\Python27\Lib\test\cjkencodings\backup.exe
Size	40.4KB
Processes	11520 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d100f5dc2a1dd6dec67254461354c37d`
SHA1	`7878a3258f704bc66225f76d90639e5db04d3901`
SHA256	`3b9cf0482c49189603105235589eda65d832f4247cb75e2f8250be178324395e`
CRC32	`B7000D5E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	05100a714594700e_system restore.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\Triedit\System Restore.exe
Size	40.4KB
Processes	2980 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`aa5909d8ef35c7e15edcda1e5c7978aa`
SHA1	`604e9a841109beb144ccd7544718b10a8473da22`
SHA256	`05100a714594700e44f54f07744229ca66e1bac250eaf4fb3f4a009d57b0fc59`
CRC32	`4A45DA6F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	740336571999956d_~DF497134B215FBF352.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF497134B215FBF352.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b76d052ff91796f4a0e6f7c6dbc48b2f`
SHA1	`bfbe8c5ce4f1fe35a87b079c2ab818afc3935680`
SHA256	`740336571999956de6bcac8e0a1a0a2143e2299421b151c9316a86f9342bff46`
CRC32	`9E76D12A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7e8380cf0272dc8c_data.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\rfc3986\data.exe
Size	40.4KB
Processes	12668 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1f552d68a446f88dfde39a4b12e7284c`
SHA1	`ac445cb74048a6ffed8807c96848fe05801ef52c`
SHA256	`7e8380cf0272dc8c751e08a70f8bbfccbad349c787a6ed4938444751df5be490`
CRC32	`B476253E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c9d88c8970c576e0_backup.exe
Filepath	C:\Python27\tcl\tcl8.5\opt0.4\backup.exe
Size	40.4KB
Processes	9116 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fc0a41b084e350fba73b3b8c4b4e11fc`
SHA1	`9fc4a23805d01eaa208cedd72d72c65759b256fc`
SHA256	`c9d88c8970c576e0c3fa1cc42ead5e7142861d06636157621e7203993480c5d6`
CRC32	`5EAF98EB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5883b3f2e68a0bf_~DFC0BF0F6CC44562CD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC0BF0F6CC44562CD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15788e13b52ae3ebc08a988508728270`
SHA1	`18e46e26c3b75186df72222880a471e1a182633e`
SHA256	`e5883b3f2e68a0bfe384244c80f88b84b18d69950703f8a1b8ce7dfd64755239`
CRC32	`0CAE0604`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	61961a0c057ae9d8_~DF3622EE8152965D8F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3622EE8152965D8F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a1ae56981e2559374e088c99c3fe2dd`
SHA1	`2d40d4181cf09a2290bd6b09e4349220b4c7adcf`
SHA256	`61961a0c057ae9d8572b67b8ba529ab7203d070818356a5495730d235569934a`
CRC32	`EADC68E6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3bdab87abffe4e43_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\mJfCfKyMzJuCkAiC\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a3523ddba6b2dc25b71c7e2fcf4e2a9a`
SHA1	`3f5636aa200a903e49e86621d0d3ce64f1bfa098`
SHA256	`3bdab87abffe4e434f08802a05117b0db9152f360bc18f515e36e3107ff118de`
CRC32	`5BE6D703`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	12bef18ebe3174b2_~DF1726D06B6CA0D526.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1726D06B6CA0D526.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5e5133e2c9565430e2a5c8c4630dbb91`
SHA1	`6d7668b1cdd3cb7cf7de633406e2fd639cd00d52`
SHA256	`12bef18ebe3174b2586140403d740afff0796bb41d5018928b2b5af7c28b6492`
CRC32	`3EFFC954`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a7fc83329d67e1fd_backup.exe
Filepath	C:\Users\Public\Downloads\backup.exe
Size	40.4KB
Processes	9924 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b948e7b0696494373b62524de85c9c39`
SHA1	`3f3f7057be7765f856c3ef582c6b60361bdd752a`
SHA256	`a7fc83329d67e1fd734642c5c2714d6ae8380862c36ee911d3af069a3deb51cf`
CRC32	`996CB1DE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c5f96bd1473949c_~DF01DC98E6ACACDEAB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF01DC98E6ACACDEAB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`db601da2b816c99a82e065e92e62eef4`
SHA1	`3be2a0257b59e697f8bba542900a24e0534a9a9e`
SHA256	`4c5f96bd1473949c100abe565aa21ab7338bf026a32fde38941795eac9074f4e`
CRC32	`5A9DBE68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6bdd16a7e68d99d5_~DF4E73F5716CF30AF7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4E73F5716CF30AF7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7ee811f85fb184c6fb14ecebd81e7d47`
SHA1	`e83740cb40ff57600fb4478981e21b8e474bdf08`
SHA256	`6bdd16a7e68d99d54d0f734d584ade8fb1b5ea42f36b41892c78e7f533d76fc6`
CRC32	`E24E1B1E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8aef88a5525d9eeb_update.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\update.exe
Size	40.4KB
Processes	12148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`285968ae797b6aade44c5af7aec74a21`
SHA1	`846832ff03e8b24225c89a214e2f28745d569e8b`
SHA256	`8aef88a5525d9eebd3144d654a3d609264f4403b4d417e4075b8ca34f217d6f9`
CRC32	`47DD9E89`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	34edbad9e00c4af2_backup.exe
Filepath	C:\Program Files\Common Files\System\zh-CN\backup.exe
Size	40.4KB
Processes	4536 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`31fa04ffe1ca774102de90202342153d`
SHA1	`26551f2668bd0767875a4ef93c8035588a748e42`
SHA256	`34edbad9e00c4af2922c467699514e0a7e813bf634dabf0807629dd17e202cac`
CRC32	`CE572EFE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c55bce4f82d8b23_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\backup.exe
Size	40.4KB
Processes	9276 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5b606175fb1d89d50cc0e473cc90be17`
SHA1	`5e763425990f9571e3d4b526d37e88d78b59c5a5`
SHA256	`4c55bce4f82d8b23e583bbeaf8690670580d1c2ac4cc47c18ea4dfc9fbc313fe`
CRC32	`B83749E9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9381fde7cd22093d_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_internal\backup.exe
Size	40.4KB
Processes	9168 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`bf31be6391d693a79449f8af32d0e443`
SHA1	`d417cc0a0a8850e2cbe1a990b4228e421d6db476`
SHA256	`9381fde7cd22093d180d0a644398b3d329ccc95e33e5912f8d969c8d227cec04`
CRC32	`11287303`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e93ebd4e43579545_~DF432136A8E080072E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF432136A8E080072E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`20fdbbb07b767cabfa6370dc5411a38b`
SHA1	`4f192c532b991225dc0369dfa9dd77f0670a96f2`
SHA256	`e93ebd4e4357954589e66d018e3dfe2927bfcc51468b8412934792a0f3320b22`
CRC32	`E0C81F86`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4f9217d57887648b_~DFD0DE9AC53C0EE585.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD0DE9AC53C0EE585.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e73a81e09ab9603b754eef1167983367`
SHA1	`7f30ff4339c7acd7ba29e138d822cb79a7f21059`
SHA256	`4f9217d57887648bbd97354fb2bf91ca6a472a28e17819165bf3f0717b975b10`
CRC32	`C633C843`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1b63c4fd53d76e1c_backup.exe
Filepath	C:\Program Files\Common Files\System\msadc\en-US\backup.exe
Size	40.4KB
Processes	4636 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`99d6320e32bfc34acc1afcbf589b2215`
SHA1	`8adbe687d736dead236bda71c21e54371dc677e9`
SHA256	`1b63c4fd53d76e1c3134f0b22b2e29c52a91d6f3966ebb36ecd1bd26e3955306`
CRC32	`326DF996`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a513be60d40475fa_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a3dd8c4b2838147ae40ec779d08fabff`
SHA1	`7400ad3fadf1bf2aac5d48f26ab9743b75bf49f4`
SHA256	`a513be60d40475fad6f7d2072d8dae11ec3ed27da09aab7eb78a71d2b41822c8`
CRC32	`ED1419C9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2a3d11ff00c857d2_~DFEC4BA282C9C3C179.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEC4BA282C9C3C179.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c8652004dc895368d8f43829031fe0b2`
SHA1	`4d401e09241f3548cadaa3645900ce1b18e32d17`
SHA256	`2a3d11ff00c857d268f7e2a85889f0a52b7c25d4967b54d365225d8dc68e64e5`
CRC32	`C23A054B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d2926ab4ba0c4630_backup.exe
Filepath	C:\Windows\AppCompat\backup.exe
Size	40.4KB
Processes	9424 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`55afa52b5d9b6c35af80061a096c8ba1`
SHA1	`d61d332b5f7c91d681c2ba849dd5c7b2bc9a45f9`
SHA256	`d2926ab4ba0c4630ae167e2aa535af8d538b5bf6af2e067ba5e70a5dad68c0ba`
CRC32	`3D863B64`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd73aef12962278d_~DFF0695FBA5FFA999D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF0695FBA5FFA999D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4efb7cf91a152d6ab62b8802b9f4228e`
SHA1	`48cd5fe04272a636137047d0d9c6ffaadb5738a5`
SHA256	`dd73aef12962278dd2c8d66269c55e38b455e3f7a4f4535f884c66aa6440dbc5`
CRC32	`E138E6D8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9e4274e3b4d4a2a3_~DFF1EDAB3EE930B90C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF1EDAB3EE930B90C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1aaae201987ad5d4ec7e665b2edd2a95`
SHA1	`b527795d02cf0d27251d774921543e87c6b6c5b3`
SHA256	`9e4274e3b4d4a2a3514d98b87386378b1586fa70fdaa441f6ad68f9a4c976397`
CRC32	`78ACF002`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	729014026cdf9159_~DF61378E597AB91ADE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF61378E597AB91ADE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b3b6b6fe399f920eec13ebb630519c96`
SHA1	`fe6f31810ce63906982d06c12f0dd508da0a83f4`
SHA256	`729014026cdf91595a00ec1fefed7ee62cadb0347c013d8e7760a2d8f329c24b`
CRC32	`87F6309F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8724437ecb14f700_~DF5B3CCE7D792E647B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5B3CCE7D792E647B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`17f9f423bf71e514d7dbe2680d5c1172`
SHA1	`89900828be6d53a101a3bb6bed06c91eed84ef0b`
SHA256	`8724437ecb14f7008844442bb5f279d82cf5e30cb60f5eff95fbb0bbb0509d69`
CRC32	`C0668364`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d82c041aec288915_backup.exe
Filepath	C:\Program Files\Windows Mail\zh-CN\backup.exe
Size	40.4KB
Processes	6512 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4274fc58cfb63fb85823de0e52e8dd10`
SHA1	`988d0e1dbd9b6b81626fb2fe170c7c317e680739`
SHA256	`d82c041aec288915a7ff66196c536926126101dbb7daf0c930cd6929743836e8`
CRC32	`D098A167`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b3cd6ebbfb9cedd3_~DF51E29F6EC1997007.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF51E29F6EC1997007.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ca9b5264c9513876a0ef046e1f429b4c`
SHA1	`cc5e78b3a00831074e0a6cb34efcbbb30c67462e`
SHA256	`b3cd6ebbfb9cedd3ed3b0e6c78277811db3285cd1be1117a3d5436afc6638264`
CRC32	`0A7383D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	85c31bc69d9ffb26_backup.exe
Filepath	C:\Python27\Lib\multiprocessing\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`16ed94e0cc3e617a71fc603b4e67bc3c`
SHA1	`fa92a3bcd7a167ee4b012531d253c86e7e6b9984`
SHA256	`85c31bc69d9ffb2676a268a5eb5b8afe15c145d549642ea11763e105200b26fb`
CRC32	`93AEC0E2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7d465bea1efe6d8f_~DFAA9D7DDB7E48E7AB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAA9D7DDB7E48E7AB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8fd58d9985e91a37efd7e9de61b7acc0`
SHA1	`c1895b874714c6ab7074876ec0447501516bbd05`
SHA256	`7d465bea1efe6d8f4d70c811a309b1fb351e890fee6a6bba134f007f5cb6ac0a`
CRC32	`C68EC8E4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd2ad01f3addda42_~DFD82440B33FBED4F3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD82440B33FBED4F3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`df0577ad8e302ad63db001bbb3f8c362`
SHA1	`f4fc05e64d4fb0663a69e5bb39e2ae7a0c7ad529`
SHA256	`bd2ad01f3addda42deb3f867b74ada9a7650e65b1124e2152294969e412003c9`
CRC32	`16A3B408`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f945e25027a03f47_~DF51DD7F93265983B3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF51DD7F93265983B3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e05bdd3cbb9daf93fa7fdddd7240a926`
SHA1	`ff1e2de0bf0af5cfcb5e596decd50ee9b9672a96`
SHA256	`f945e25027a03f471ccca2f90bbf50e436cb8db251fabf714159ac6de7953bc8`
CRC32	`FD78A06A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f38d54d43b11155_~DFF1A23D801DE317D0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF1A23D801DE317D0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d36b6416ffeaff186b738b82a53db5eb`
SHA1	`c6e02c822d3090456d40a0c97f3a4a92bb06b8fb`
SHA256	`7f38d54d43b111554c2193c83312aac557a00be1179bde56fac3e3909168c17e`
CRC32	`09A08CF4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b22bd25ee22a5e77_backup.exe
Filepath	C:\Python27\Tools\pynche\backup.exe
Size	40.4KB
Processes	9456 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5b3c7f9e43ad310e5455d8d3fcadd07f`
SHA1	`2d09fe1d004c281a3e0130ee2ee25da8e5324d22`
SHA256	`b22bd25ee22a5e77f815c5f1849d64ce796e3215a92b1fd3f540dd9cc5e7e247`
CRC32	`3BC79B3A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f87acaca4045d5ae_update.exe
Filepath	C:\Python27\tcl\tcl8.5\update.exe
Size	40.4KB
Processes	7400 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1b194e13c284a0be77ba37f777f84d7c`
SHA1	`0003f21ffe41143d0da2d516d68c095bae9ed5fc`
SHA256	`f87acaca4045d5ae211c29462f47b100b73f4e3e02cc511fb84c7a78a363d590`
CRC32	`B5839B2B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	618c2d37a5e6f9ac_backup.exe
Filepath	C:\Python27\Lib\ensurepip\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5ea0df9162813daebfe7e627698a9ba2`
SHA1	`cb1a149a7646df6db4cfb9bcfb2e542bf0d4e2bd`
SHA256	`618c2d37a5e6f9ac94132b5590717136f2e682ce40d98d96a51aba199b6a0fdd`
CRC32	`BCC1BC65`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	449242b27ff8eea3_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\backup.exe
Size	40.4KB
Processes	12364 (backup.exe) 3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f3ddb15d14e7b1938418b000ce1aaa89`
SHA1	`41cbcf9689f1caebd0faae4e39182a187604c096`
SHA256	`449242b27ff8eea38cdc5355647b58572a24ad6ab4547e0664ddc622e6fe4d58`
CRC32	`88A71CB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cb2b8ce3d6da3ae9_~DFD439EF95D801B261.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD439EF95D801B261.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`438dd1424f2305497b96bb3b0c4e1ff5`
SHA1	`9cfb67abd9cf44366791547d85e6550ffe555032`
SHA256	`cb2b8ce3d6da3ae9bb74d97e2617f44c177b651e617dba3d5e719ad9d9aa4d8f`
CRC32	`9B288A6B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28a4b570303837cb_~DF3045EEFB58BEAEAF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3045EEFB58BEAEAF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c1de2b8423f93bc42f4a51645d9d3589`
SHA1	`a28c2af3db075a245344f8e4b4e2a844a5042bc2`
SHA256	`28a4b570303837cbd6acd6cce186752e4d9febb79c3b7c633b1bcfab1cf482fd`
CRC32	`C29A6C16`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f9f377b808077f4c_~DF5E59838CA9CD7A91.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5E59838CA9CD7A91.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da138283324c12a797de88202876b611`
SHA1	`7f6514d360390faa54094b7330d9d411859e1197`
SHA256	`f9f377b808077f4ce44f8750982544af2740f03cc70b0dca682b58f57387ca19`
CRC32	`9661A961`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f204ecf49b50b124_backup.exe
Filepath	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe
Size	40.4KB
Processes	8552 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c67c0f0d2c84797134f9e4f94b11934b`
SHA1	`59f9f26562d779bc2d0f364f876118f9f4148987`
SHA256	`f204ecf49b50b1245a5963f8e9759173c62e70d1ebbf91586877409f39dc1dce`
CRC32	`9BCF4A9B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	946883d8e9ef13bb_backup.exe
Filepath	C:\Python27\Lib\site-packages\setuptools-41.2.0.dist-info\backup.exe
Size	40.4KB
Processes	8828 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a0f64b77bd61debeb2bbfecf2087eb68`
SHA1	`f560740e27b3756447f87111fdd5b2b6bb4d02e4`
SHA256	`946883d8e9ef13bbb6e6f99a093338b62a24ae52aa11305c9a3e0cc486a27f9e`
CRC32	`497D20E3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9bd89726a0b10584_~DFBD085B65F2C422CD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBD085B65F2C422CD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`14916e01ec2a7391e53080e2d412a0a3`
SHA1	`691ca13995c863ad4b2fa5271e317ed49c38d78a`
SHA256	`9bd89726a0b105844b88d20ffb8010473d91796659dd05e61f44fdeb4c2beae5`
CRC32	`0219D6A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b54e54e150929396_~DF4B18387538AACDA5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4B18387538AACDA5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b5ddb0b58da515b1c2e2895203d07ce0`
SHA1	`96538857a51729576d8b1e760bc57e87942264ef`
SHA256	`b54e54e1509293967102cb6a6e4fde7e0009f155e0969d3c30f0f06d292c08af`
CRC32	`3E3AF204`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	49b33b331b0e0b1e_~DFF0BB4D515C4013D0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF0BB4D515C4013D0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a47536867726cd8cbfc7cbcebcf28d71`
SHA1	`e00a54dc620f5d745f37fd278c8d39bcab047082`
SHA256	`49b33b331b0e0b1eecdb20eab0ab24b951b608f3baa3a2a6d4df568318f91f3e`
CRC32	`0E4F3B22`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	189a8bac4c40017b_~DFFC6A703FA943D21E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFC6A703FA943D21E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3585ce3440f00d934e451d41512b7d96`
SHA1	`644ba90a8c66a7217d46c3b4a746f90a18fb6931`
SHA256	`189a8bac4c40017b59ac5e7f92e43af3ef8d63cc77437505495b669a5f729695`
CRC32	`991068EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aa954077f01d393b_~DF5B1432F89F5347AA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5B1432F89F5347AA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`765cee7d6bd47fa9c638b739664d19f9`
SHA1	`2d7e7a0ccccdddf659cf5304ba0f84e464b2e980`
SHA256	`aa954077f01d393b7f1657297216968db9196ab69ede9f7ed111ad8f6fbdd6b4`
CRC32	`05089C6B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2c91bb9a2b96969e_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\backup.exe
Size	40.4KB
Processes	13032 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2d402621b85d1a8796f53759210c6e50`
SHA1	`6a54f6f02fc3cb2adfd5fe767d0f225dab4681a4`
SHA256	`2c91bb9a2b96969ed6c50452dc2ff5a7bf7f7c760049690db79715320e39e5c1`
CRC32	`6F60B4C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1567589496b19c96_~DFA290B42C993D4065.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA290B42C993D4065.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bac640d55d8e36703e41252fa03d1b7d`
SHA1	`fcd32f68f7902273919c1d6b1ef2d3f9753ef7d6`
SHA256	`1567589496b19c96008ed19e2c7d52b6bf10c48137bf4be925e4758cff328a37`
CRC32	`7303FD5F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4725466fb6c3d564_~DFEE4EDBE2ABDC242F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEE4EDBE2ABDC242F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`af2b766cdd72e9432606bb29db619d86`
SHA1	`79d843cbe3fb387f297e3c9cd12a5cde47052967`
SHA256	`4725466fb6c3d56478d89709d4c6e387f6cf4a4949d23c7248e799cfe94f1efd`
CRC32	`045A600A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	446a84f963e22dac_~DF194162CFC6370107.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF194162CFC6370107.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4c63c8e6888c0a6d7b2cb537b1f40a6a`
SHA1	`12134d4324da0c116a34d5e91b5ab05b211ba27c`
SHA256	`446a84f963e22dac707afca807c6583743b98f2e6a0033be82d69bfe49bd8f73`
CRC32	`42916B49`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce2aff987e56c57d_~DF19A36326A2975324.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF19A36326A2975324.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`18743823348ba75a4a41572804f5b5fa`
SHA1	`a2847fd48fb9e11b01d7cfc14893d79a30e41578`
SHA256	`ce2aff987e56c57d74cc97c42e63f523be0c05af3ba5feb2af7a7ffb583a72fa`
CRC32	`C7C22FD1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4c5f96bd1473949c_~DFBE915C25241FEC83.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBE915C25241FEC83.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`db601da2b816c99a82e065e92e62eef4`
SHA1	`3be2a0257b59e697f8bba542900a24e0534a9a9e`
SHA256	`4c5f96bd1473949c100abe565aa21ab7338bf026a32fde38941795eac9074f4e`
CRC32	`5A9DBE68`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d3a98a0cae84f7f7_update.exe
Filepath	C:\Program Files\Common Files\update.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f9bca5551f82ab566df13b7d6d14b8dc`
SHA1	`0445b4a20a333b2387f31885f4bc748e90e2ce26`
SHA256	`d3a98a0cae84f7f759c0216838de7e4312fd2a56790f2e08e5b7b573e7b55c0a`
CRC32	`FCB4FFEC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90a16810d27962f9_~DF458D1D471A468E31.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF458D1D471A468E31.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`46f9d1bfaefc0e454bcbc78f1047d9f8`
SHA1	`67960f62de89bf96d1f6430709109aee43a2bff1`
SHA256	`90a16810d27962f9ea59c1b281d3b168d8abb8e1f2cc67476f60a336963bdb48`
CRC32	`511A8843`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c56298d1a411bf25_~DF7282C3366193158F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7282C3366193158F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`134a94e40ca447d8aa354e3cbdbb2ff5`
SHA1	`98cc0e6af24221ee09c0b32427c6460280c4ebc0`
SHA256	`c56298d1a411bf2534892f224299dc2d981fd38992e414ae57507b2706489ded`
CRC32	`2BFBE012`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4e77d5601a83a117_~DF1BB5BCDA0D7239E5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1BB5BCDA0D7239E5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cd4cacb7b03a112f329b15d3d7f3f181`
SHA1	`9dfd8d39fb075f574ef562033d3827a16070b1e9`
SHA256	`4e77d5601a83a117837fb3c0b742d5b9f2952d42fab3c9d152a02735c3c447e1`
CRC32	`99227E3A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eea14b91a47f4d80_~DF2AD28A8E5E83E322.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2AD28A8E5E83E322.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c825c115f9dbcd3c216be0c3d5ce2506`
SHA1	`c71072d80d5460b85a44fbce48cbdc695cd6d138`
SHA256	`eea14b91a47f4d805a3490b0ba00c171cc7ac6a6e811428655fd892e7e4929f5`
CRC32	`E70BCF11`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d2d9f062b29a6376_~DF81A96B3FE30140B1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF81A96B3FE30140B1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e75550a86012bf1ffa898a8039dc9194`
SHA1	`1b3a1130eb5250953bc14624510d1159819b034f`
SHA256	`d2d9f062b29a6376c7ec4a4fee4c28222e5d8d1f6d1548c93cd34851c57079b8`
CRC32	`3F460E52`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6cee7074dbfec302_~DFD64E1319A1EBE41B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD64E1319A1EBE41B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d0ae33b41b874beafc4fbea9ef7f1c3`
SHA1	`f92ff1120f9e3d86916c8a0db6b11a0c85676edc`
SHA256	`6cee7074dbfec302ea745c34a43d3c24d358cff586837c176c7ad5cbc0aa97ea`
CRC32	`58A6E1A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd1a9b2a4b9a18fd_~DF5A7C7EB9BBD91897.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A7C7EB9BBD91897.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`93c3019ccab37091cf826ac88801d51f`
SHA1	`9f6a0a22b49f86f2877a194147395781458b1f60`
SHA256	`bd1a9b2a4b9a18fd99b78a327dc64722d7c0a355f4324c44494138863cc5ba53`
CRC32	`98F44614`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f945e25027a03f47_~DFA865A563FCD7D28A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA865A563FCD7D28A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e05bdd3cbb9daf93fa7fdddd7240a926`
SHA1	`ff1e2de0bf0af5cfcb5e596decd50ee9b9672a96`
SHA256	`f945e25027a03f471ccca2f90bbf50e436cb8db251fabf714159ac6de7953bc8`
CRC32	`FD78A06A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d4e321140f9a2ded_~DFBDA77444C702F2B3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBDA77444C702F2B3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b49c9fe52de231a9ad566cd25a000d17`
SHA1	`417bfa5535706f91f28dde175985e6766d9d2d7d`
SHA256	`d4e321140f9a2ded3db1adb85c8c5582400503c45478fc9fa9567b0dbe0ee887`
CRC32	`728AE1C7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	776361ddd8923a51_~DF85A44DC1EF447495.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF85A44DC1EF447495.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ee6d19b19cd438d0d38f8e60cdb84815`
SHA1	`3d06a8adeb2a70544bb0ff74c948ea1d3a8fcd90`
SHA256	`776361ddd8923a51b1b17f8f1a1a7881d4154c0938129e6e21390293c0370a8a`
CRC32	`0D7319BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	003bafe968c06709_~DF64D643D4EDE3FBE3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF64D643D4EDE3FBE3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ba14a5ace08c6b4f6cda515522e26455`
SHA1	`6112dae35ee2d8f3bf071a380e5d25e4593a085b`
SHA256	`003bafe968c06709ec6129902a732f99de727ab31767e98dcb525d40c301f1d0`
CRC32	`AA3315BC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8c4195379c05f74c_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\backup.exe
Size	40.4KB
Processes	5700 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`894a31cfd284d7751e440f281abfb095`
SHA1	`f5805eb511dbe2ad162a8f238fb813b809c24e95`
SHA256	`8c4195379c05f74c822f73cf8a5c7e28a3b6efa2e988505e54ddcdea3598797e`
CRC32	`ECFE817C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	64ed103a1d51aa75_~DFA377334224FF18A9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA377334224FF18A9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`97e6fff00bcf4734f50435a957a2530d`
SHA1	`62a1ea29276298db718c97326cbd50b23c996f39`
SHA256	`64ed103a1d51aa7572553cf3e27dcab69671dc4714dfb4f3fe21772619ca4741`
CRC32	`B571B35B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c14bcef630aa9751_~DF01717C0F3DE986FE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF01717C0F3DE986FE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`806c5717e28e964ace6797465d402f0f`
SHA1	`e4603ce67111c900c37e257e2136ca29e680a875`
SHA256	`c14bcef630aa9751512744302552b51ce318f1234f17724c08a65fd36999ef70`
CRC32	`0C9E35B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c24caea0131b8ebc_data.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\zh-CHS\data.exe
Size	40.4KB
Processes	6244 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c1027f3fa4408d1a75fa59a625213f7c`
SHA1	`1dab2c4261569a6c3a64a70b2827e2c40580dfe9`
SHA256	`c24caea0131b8ebc08d1522447106c6f2c60f1f3635bb39c1c5ccb4904d5386d`
CRC32	`F67609C6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	68730212bd285c64_~DF69832051F893424D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF69832051F893424D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1749feee4028953dd3bfb9b808a15ad2`
SHA1	`2a8a2b2924fa41ff14fb9640cd04974df7dbe507`
SHA256	`68730212bd285c64ca08e6adb722bbdfd2b53483ebb15bd462a4a91c93551458`
CRC32	`AD915413`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	68fdee7efdc2c1d1_backup.exe
Filepath	C:\Program Files (x86)\Windows NT\Accessories\zh-CN\backup.exe
Size	40.4KB
Processes	11488 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`66076c163515aa5d04acb9593bd0f5df`
SHA1	`05397fd59e0eda1a581a75cbd53833259de20049`
SHA256	`68fdee7efdc2c1d1acc97a8bf085d41ec09d811c434ec882f2a47f6e9989611f`
CRC32	`2FB7410D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	907d85ee93471e74_~DF5C31619381154F42.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5C31619381154F42.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4fc58c8c55a4e040e86a2f1cb7efb1e6`
SHA1	`23479e7fb4bac6e09fef1eb2c0bbb0b60160a6fc`
SHA256	`907d85ee93471e74239849a709ff5ea34c907a2aaf0f0461766d1958b628d73a`
CRC32	`3E10AE59`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	13a6d21e0210520d_~DF6A878E90906F6DD4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6A878E90906F6DD4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d8750c3afcd7158ed86c4d47f3901d3c`
SHA1	`8a91406b08d9f16e4467f6dc58b0e8bc2b753b87`
SHA256	`13a6d21e0210520d62b1a6aa67f6b85b514b3a370e0fa6b7c2a46012c1820f48`
CRC32	`F85F5303`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6bbd32173d886095_backup.exe
Filepath	C:\Python27\DLLs\backup.exe
Size	40.4KB
Processes	6004 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`08bc83c4b2248eb4108e05f98ad1d863`
SHA1	`d7e2a8053c99c6712db4dfcce45be4574f4f52c2`
SHA256	`6bbd32173d8860952e3411a09ec035305a56aa964290c5df3196f01aead0c5fa`
CRC32	`A4B3D831`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	54361a35ab38ed97_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{EAFFD803-F927-40fb-A377-A1F640453D44}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`02d969d4aae8e212409709fec3a501c7`
SHA1	`40ebbd9191099f55243cce8690c20708a5ba7179`
SHA256	`54361a35ab38ed97a9ac47ef3162b673aaa2433287f8746031d5fb7e924f575c`
CRC32	`04E35F0B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	45c1bc9803db5529_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{2BEFC5EC-7E68-472f-BFBA-9452629B70A7}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`35abb13351ce0c74b00aa274c599f783`
SHA1	`9e8cd875030a030fb9a4a65b3e6ae249a6b29f8c`
SHA256	`45c1bc9803db5529e288f2f5b872cc4738c6bf6287a6132b6bb25e6623678121`
CRC32	`4651C767`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	390150a0223d0d18_backup.exe
Filepath	C:\Program Files\Common Files\System\msadc\backup.exe
Size	40.4KB
Processes	4536 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1bbd9f9b978f9729d93671ecdaa44272`
SHA1	`a6ae338ce11f48fecf053e10bb507db7261d7835`
SHA256	`390150a0223d0d1814bcf62e9caf7b1000bb110a1a2aefd0b9594e743025ff7b`
CRC32	`20594FD2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f277a928380fe8c3_~DFADA1FBD266A046E1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFADA1FBD266A046E1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8ab526d2ddcbce36a96ac6f237c2117f`
SHA1	`d06cb7685c6a994371447640a725d5c16d779877`
SHA256	`f277a928380fe8c341ae8d9cb47cc588106bb726555b3c0f37094c43985124d2`
CRC32	`E34EEEA1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fedc75c9c60a4839_~DF6E439A5622AEF628.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6E439A5622AEF628.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ff3048c242f5720a231777663f0de3b2`
SHA1	`e11a600f2c085c1505d5c924bc5e7ecc56c7f429`
SHA256	`fedc75c9c60a483992348cf0dce2714ff5825c72b4317c22a334e2f48e33e016`
CRC32	`C070E1D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f6e43ae03a87b634_~DFE59C6F8E8E9DB17C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE59C6F8E8E9DB17C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c5994d1f0f5085e338cfa0d73d224d43`
SHA1	`de30df9b553032af340e951371196fb52624e07f`
SHA256	`f6e43ae03a87b634812ed3a3731129883baab01afdf3bcdaa8e2e9cb2b7ba52e`
CRC32	`93E67D80`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	21b42fe233e4393c_~DFC31BB4F34D7A4884.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC31BB4F34D7A4884.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8636b284cf8448344b8cfe085de6af5c`
SHA1	`ce628213363217f95a52aad492705cf2c67eb995`
SHA256	`21b42fe233e4393c00044c75e158b9b482bf233b90366ec8461c5a2778788fe3`
CRC32	`10AEDAE5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1c05593a7d431bba_system restore.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\distlib\_backport\System Restore.exe
Size	40.4KB
Processes	11024 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`8a14697d1763f54699b1035726be7b10`
SHA1	`9923925d22f30989592b14e3f9f88d35ca9ef639`
SHA256	`1c05593a7d431bba04243ebba85828924e228826562a741ac09589db82d0a7c6`
CRC32	`625FBBC6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9f50b24e990c1882_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe
Size	40.4KB
Processes	2980 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7285bf4a92a9ae08e18b92beaac4bebd`
SHA1	`b7f5908951110bbca14626769ee4532e3b06dea9`
SHA256	`9f50b24e990c1882c0efbbb55f6010f550c27e65ec65edf12df72a514f0164c5`
CRC32	`3D42EAF9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c221ec1e91c0fe18_~DFF97B9C04C5003082.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF97B9C04C5003082.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1349733e731cd08b1a570c0d20f3760a`
SHA1	`ec66055ec8adc1cd4a9c5282ad04f7e8ba4829ef`
SHA256	`c221ec1e91c0fe18582d91367c62d8fdcb9d292dec5633ef5043e20a0c7b7d3c`
CRC32	`D153C919`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	47d010b230d9c7d1_~DF9545B95F26D99084.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9545B95F26D99084.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`39a2f3a9eaffe150584e01002d481046`
SHA1	`798d624552ddcbc25b376a93883af65a5f8ba665`
SHA256	`47d010b230d9c7d1153bb4f54b160395a2c1ecd7cd499c0b5e1dda7edc47b818`
CRC32	`7EAC16FD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5e2d571719c99b75_~DFC1FBE55991A14E56.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC1FBE55991A14E56.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`46f03c84fc5bfd5af0f804718ae24dfc`
SHA1	`63ba4edb76b7dc85f95474582ee414fbf9a0db0a`
SHA256	`5e2d571719c99b75ca198e0133081d092b0c5428f9272ce1db0899174e561fce`
CRC32	`B4A30520`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d662660f9335c654_~DF7B9BBA8C7CA63DAC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7B9BBA8C7CA63DAC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8f429e2d59cabca3cb864ff83a3f9d0e`
SHA1	`1ef02a30a8c96ed86207692ffa029aa76a1d7a75`
SHA256	`d662660f9335c654d5de19e168e6985d9aa8388f5464746f47b66854a7ea863b`
CRC32	`737278A9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ade31b44c103bcb3_backup.exe
Filepath	C:\Users\tu\Favorites\backup.exe
Size	40.4KB
Processes	10888 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`882cad09a59acfac24e755a4b32857dd`
SHA1	`fe472a874dd5c8064382a5c1b1cd6178a4112a43`
SHA256	`ade31b44c103bcb350e28777d1b193c8f3e5a79fa92952bd437ce2703379e4e8`
CRC32	`9851B785`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	32cf3fd61eb823ac_~DF2EADFD4EB027A2C1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2EADFD4EB027A2C1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bafac6389ecd7363ffbcd300d02b81f3`
SHA1	`113f93897c7b19c49b51102e38fef935d6dd1d4c`
SHA256	`32cf3fd61eb823ac4bf83fee923d71a646ef0d0e28b959160f29dd91feeb8af9`
CRC32	`709DBFF7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1055088db74e418c_backup.exe
Filepath	C:\Python27\Lib\lib2to3\tests\data\backup.exe
Size	40.4KB
Processes	7740 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fd7d026f834e4537700d441511e87eb1`
SHA1	`c6a6afb0d36468d398a457b4b939660a48362497`
SHA256	`1055088db74e418c5e9765b362b1a916f3c6deffce99f76a1c38cf0bb825c2f1`
CRC32	`60FB5973`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d5c2eb60a0619a68_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\css\backup.exe
Size	40.4KB
Processes	2932 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3a714dfb47371fb98ab5bde8111a6586`
SHA1	`5f5d60b460ca0926232b29d5e07b49573418cb21`
SHA256	`d5c2eb60a0619a687afd75ce7b86b8bd0ddbe09110a13f4d93c6620f8f315408`
CRC32	`C5F8A373`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a2aa98f1430ecbc_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`522cab60f3efae1ce492abada9e351fa`
SHA1	`71ca565dddd77b2e4e43ef374e2ca7043df0e0bb`
SHA256	`0a2aa98f1430ecbc116e1a20378b3dfd44800f71052250e453f46e7b607dd1f1`
CRC32	`9D7EED46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b6b427fe09526993_backup.exe
Filepath	C:\Program Files (x86)\360\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fa33b185c0c2b01a1b775f65a9fe8eba`
SHA1	`26fb966b3ef13d39725971691d5f820828d3f69d`
SHA256	`b6b427fe0952699396dc588d314892e5320186433079af984d03c0f653ada3c4`
CRC32	`3EC13189`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	76eab2776fc60c8a_~DFD47A6AC36657E656.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD47A6AC36657E656.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`56c1fd80264f34095b3411d69c04a3f4`
SHA1	`4e30eed5b022acc71cb9ac92179c30ddfef79615`
SHA256	`76eab2776fc60c8a9b5b1fba2f6be7143aa504f0b3408ab494d3471fdf7d5659`
CRC32	`184456A0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	03a31414db9773e5_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe
Size	40.4KB
Processes	6924 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`75e153a513e69ab702560d22578755de`
SHA1	`5d1a957c0c6d98abc4ee046a251ac4afec1a7ecd`
SHA256	`03a31414db9773e5a74b5db9d0eefac0493c2008adecfee749d62f09e724add4`
CRC32	`DEA7B20E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	729014026cdf9159_~DFA0BB1B5CABEEF654.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA0BB1B5CABEEF654.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b3b6b6fe399f920eec13ebb630519c96`
SHA1	`fe6f31810ce63906982d06c12f0dd508da0a83f4`
SHA256	`729014026cdf91595a00ec1fefed7ee62cadb0347c013d8e7760a2d8f329c24b`
CRC32	`87F6309F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3ae9ebbe9fd22e20_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{BCF8B4D6-4572-402c-B220-4733EE018F59}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ac4144a1336505c1f8223409ba09deab`
SHA1	`f2c9d8b27e5a3bde6f5ac10589fe6950018abc0c`
SHA256	`3ae9ebbe9fd22e20239cebe1f955fe0538b17592656cb8635f6dcecfb9ee878b`
CRC32	`F981A671`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37f71deb8b6d8ec1_~DF6DEF3925573C8215.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6DEF3925573C8215.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cdd79def28fc7e00d4604d94b2c3234d`
SHA1	`79219ec9a2876d94d27b85cecb4e032a7174fbf1`
SHA256	`37f71deb8b6d8ec137f52ce1e43f721f914c86f799b780d663fbb4ce83161767`
CRC32	`90002315`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e80bc59dd1fd99b8_~DFB1DB5B5E0366C788.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB1DB5B5E0366C788.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4705a0997422114c1d2db559869fb50e`
SHA1	`4a501ab4c9b8c70276e450f64cc4462cb81256e7`
SHA256	`e80bc59dd1fd99b8286fc798801706c6c3024f2f3727059ca2ac02e9016a3f40`
CRC32	`B36ED916`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cd1a8c13aa00eae8_~DFDE10DDE39EF6163D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDE10DDE39EF6163D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`16df5398e288e6990ad96037e2f9a9e7`
SHA1	`bea45b6cf6f5c5317779b37e505fe37e7ccc8fc1`
SHA256	`cd1a8c13aa00eae861973c5664233210e4b5380e2b64bd9511cba7682973350e`
CRC32	`58551957`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5dd812bd5f28d6f0_~DF0BD78625ED8DFF92.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0BD78625ED8DFF92.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0b19f2e969ef812a959c01de5cd6b739`
SHA1	`f9d4134c1cd7296ccdc534d8174c8887540d0be5`
SHA256	`5dd812bd5f28d6f0051b98bd29063ac281cc54e5151172eac476b0efb8309a37`
CRC32	`CC4A28B7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a838a2d0e6e15307_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\Utils\backup.exe
Size	40.4KB
Processes	3772 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d99ce6c909deef80203d0306b8adb7c1`
SHA1	`11b7caa01aa56808e8a6e7aab9b7c87d86c08115`
SHA256	`a838a2d0e6e15307bdfed819391ef665626643967c56e0f3fe14bb757271b61a`
CRC32	`95FDCB03`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	26e1a9389d8c80e1_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe
Size	40.4KB
Processes	6768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e70a7ef5e05f39794a2ec69454ed9fdd`
SHA1	`288907bfb7fb3dea828b18d7761973917dbe62a2`
SHA256	`26e1a9389d8c80e170b0a20dec58d6b1fcc32f63aa79ee9221251154211a62cc`
CRC32	`C1E52AF7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	689fed0c359c7412_~DF5BA7FA57E8F03552.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5BA7FA57E8F03552.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9f4934f1cc62b0a997d4f8fcd92d778b`
SHA1	`a1e532f87750b04bc4f8a178845e6f7137c390e3`
SHA256	`689fed0c359c7412f48230b266e73c866f20b044d0d7cb7ff386ca73f0688f0f`
CRC32	`825ACC2C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1e0eecf8867133b8_backup.exe
Filepath	C:\360Downloads\360驱动大师目录\下载保存目录\SeachDownload\backup.exe
Size	40.4KB
Processes	1960 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`550ce48aec9ffc0e2404043921eec327`
SHA1	`73d55d6a17fe3b48d1d59784f78547624ffe7494`
SHA256	`1e0eecf8867133b8482ad652478705d9795bd452e812957b738fe87518c7e5f6`
CRC32	`1D3CC7A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1628aa3ad2836290_~DFF340A59B6690AFCE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF340A59B6690AFCE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5b829ddefda6b6e1fa27fbdfef4a9e65`
SHA1	`546bb76bbf3a17315e4f63a042026dc3ffef81b0`
SHA256	`1628aa3ad28362909341c867f35754fbb211238b58802ebf06dd61191435bc7b`
CRC32	`4FF09B2F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7b3729f166111695_~DFC907E84D063098D3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC907E84D063098D3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6ae547cfd338cefdf1313fa76f9868b4`
SHA1	`23b9002720ccb9b64a4c60ffa9d194debda785aa`
SHA256	`7b3729f1661116951074fe4fc0080be56790aa1f99125a9e749a87fae14ec0e8`
CRC32	`9EAF6794`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f0bb6046f15ef3b_~DFE1402F8F492C8538.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE1402F8F492C8538.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`59c72e2c7e54fce395362e74748c3859`
SHA1	`03792e065e9cc1f4f26da642496539a04d377ca8`
SHA256	`2f0bb6046f15ef3b5bb4e08ed403f2334b69d369255aa27060a79a72f6ac535d`
CRC32	`E534533A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	942048f814b2b251_~DF7D9C48B2F9EEA26A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7D9C48B2F9EEA26A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`48d12f8ec2b9221fc1623712c830c995`
SHA1	`f2403dbc33254f8cbe694a3bb2553450ed8d7ac7`
SHA256	`942048f814b2b25182e18b6d92b7c32f1fd44fce35fa6d4b0b0fd9c68f47e1b7`
CRC32	`41EECB67`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	83b2d62f0736fccf_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{B53A1B47-2A63-4b15-A6AD-5DCB21DD41A1}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b8e71e63a0ad5877e95c9bcdc9ae7f99`
SHA1	`eb2a93938f1b48cfa46615d733b40c40e12bd5e0`
SHA256	`83b2d62f0736fccf2c714d5f755553bbe9e3719adb455db85ac8b42cdb2371bf`
CRC32	`178FC75D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	94687be780fbd748_~DF994084BFBA508964.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF994084BFBA508964.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`99d7ec815de66cdde28f5afcb8924efb`
SHA1	`b6d9b9ec9d270cb6a96500b60216e993bdb0ccbc`
SHA256	`94687be780fbd748d2bf165936e6be3443cb15e4f3ec193604f6a933651e464c`
CRC32	`B3806311`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9b1cddbf2fbab232_~DF2491EEEFABA316A4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2491EEEFABA316A4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e65cc0369520019437263fb71fe0305a`
SHA1	`1f0a4b134345666349cb355c280ecb6ba75afc67`
SHA256	`9b1cddbf2fbab2329dd289f74c3bf9dd6692c9e2398bff00b5029b0b3f3f9b24`
CRC32	`16747E50`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6f6874222df9e869_~DFBB98486FC47AE530.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBB98486FC47AE530.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ab2d486bd4f0dc3d1e283fa0b8c51e13`
SHA1	`b3ae227c839782347a4c315964db55646b3de383`
SHA256	`6f6874222df9e86921c275deb0f345ea8ee3a093868618ab0b2b0ea619fa668a`
CRC32	`ADC00B28`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	217bda67c4ed43bc_~DF6DF5FF3E9E329D35.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6DF5FF3E9E329D35.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b4637a554413f4f2fadd6e542c45ca7a`
SHA1	`b03bf3902b070747e04cb9a301472e112f5fce54`
SHA256	`217bda67c4ed43bc8f64cd39201920795b5bc2cc25e6ed754416d280d6dcd4f6`
CRC32	`7F5D2FC8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	60cbe6758830ee5f_~DF5383A39421BD91BB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5383A39421BD91BB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3ad7a4ba62926a36dff1f87c5b42c1ff`
SHA1	`bca94909e985af4e24eefe4616492e6d2ff4242e`
SHA256	`60cbe6758830ee5fa4703e55bfb14d06aed7c20c6f39080839bbcdb4bc4a140c`
CRC32	`877E5BC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f241baf05317629f_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\zh-CN\backup.exe
Size	40.4KB
Processes	8884 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f54ea2b486bfe88719ad4e8a9ec96afe`
SHA1	`8a0a62a85dd16092308f15a345a86817e6bf1661`
SHA256	`f241baf05317629f6f8df9a3d71c63138ab4e09996969cc0108c4b1227d69037`
CRC32	`2E19F74D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8ec71966ddbe5e2d_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\MSInfo\zh-CN\backup.exe
Size	40.4KB
Processes	4132 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`14255009a20369d80f2dff23da444457`
SHA1	`2187d4faf2e8fd8ae03d4afa58a0710b553274cc`
SHA256	`8ec71966ddbe5e2daa10078c6c4b6d381977652a6607f794d8cfd61cd4dc0a1d`
CRC32	`F3EF0449`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6d1a305939244acc_~DF75586FF350E6506C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF75586FF350E6506C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e367dc68130e8534aa10adc377eda579`
SHA1	`13fb0e4195038fc5d11fe1c34036677e545f9fee`
SHA256	`6d1a305939244acc882c49c2f54aec6d1150b29b96e318af203f7ec3d61caae2`
CRC32	`67DE07D0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2cfb2c6d3853421c_~DFD8CA7418D84FEB22.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD8CA7418D84FEB22.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6049a80d6c2df3da0d9b464b87ea7a82`
SHA1	`4f15ba275350f98360273b771755cfa5ea00d7ab`
SHA256	`2cfb2c6d3853421c0e3549e6907e1ebc9fe74087c2c39db20411c2856e8e9eef`
CRC32	`AECCFD6C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	26ac51651cf72666_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\zh-CN\backup.exe
Size	40.4KB
Processes	9912 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`24449a5866c79bce6df2037887f59943`
SHA1	`dd5f7bab5ff1254c8a53244868bfbbbed00a88bf`
SHA256	`26ac51651cf72666d8f5a1e4366b1263bb6e09e42bb11263c2ef89aba0e7fd68`
CRC32	`C5C3804D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	728e7e0ce31e4c2b_~DF7882A45820DD7C2C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7882A45820DD7C2C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7c6590c459d84933acc78b1b3d843179`
SHA1	`cd3e80750b39893fb045d5bd239e000a037e03b8`
SHA256	`728e7e0ce31e4c2b96ee9a8396a3db6c032475ae86d82e6b39e1cd7aeef64805`
CRC32	`971FC0B6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a9abbba51e8c8ada_~DF3E45B39FDE3EAF39.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3E45B39FDE3EAF39.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d83f9d7786da7869fde9d240b12ee817`
SHA1	`944f8a52f95799b9174b92cedaacbfaa7c07b9f5`
SHA256	`a9abbba51e8c8ada4281ca02cd89a369fe89c048f5bf1b3cf4f74031f20c1e61`
CRC32	`9BDE59F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	73d2d03034c69ae3_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f87a3026ab756116e09a01bf5b67a973`
SHA1	`4130caa568c8e86fe44bce3c608c16ae27b039a2`
SHA256	`73d2d03034c69ae32eeb3194cf400c9b81605d073ddfe501e10c3b6858dccc13`
CRC32	`FE78819F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6fd73332579032d6_backup.exe
Filepath	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe
Size	40.4KB
Processes	9512 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4b718fd5ca5c4bf82beaa0e426544428`
SHA1	`216c0ebafb6846065122b6e199843ca8a3d0555a`
SHA256	`6fd73332579032d6037aea5450e01191877e6cb09cd00f5c825ed99716ef07d8`
CRC32	`10A8207C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ebead12a86ed12c6_~DFED8AE91CAB9A0790.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFED8AE91CAB9A0790.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`501517fcdbf0f9268bb809077909d6c1`
SHA1	`93497a1507901a7427efff0879fd16770d85198e`
SHA256	`ebead12a86ed12c674d6579fa7066c5e1fdb88ef48e27b3ea42c9a7ba2401f4f`
CRC32	`79C563AC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	805841d14219ee33_~DF7DAB541D5AB00EBD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7DAB541D5AB00EBD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e00347a866d6d83efaf66bd0fbfb44a6`
SHA1	`e260ab95edf14edde9f82865669300053c9130db`
SHA256	`805841d14219ee3337b5e16aff7de396f79f449bd7199d9e857bc7e8eb65159c`
CRC32	`8C1E8577`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6cee7074dbfec302_~DFE5F0B88B9D522C05.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE5F0B88B9D522C05.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d0ae33b41b874beafc4fbea9ef7f1c3`
SHA1	`f92ff1120f9e3d86916c8a0db6b11a0c85676edc`
SHA256	`6cee7074dbfec302ea745c34a43d3c24d358cff586837c176c7ad5cbc0aa97ea`
CRC32	`58A6E1A5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	836fa2062df74772_~DF9899250EB9D05F53.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9899250EB9D05F53.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7215a06e150c63d82599e281128d9ea1`
SHA1	`683ea4189388bdca9f1656abaf5947c40c32406f`
SHA256	`836fa2062df747723fa599d58c653f0cfc6d2d03074284548386cb3a5a24ba28`
CRC32	`D30B9532`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2291563b3377b942_~DF838EFE0298AB238E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF838EFE0298AB238E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cce589e30b80dfd3402b494dd995be3c`
SHA1	`63550182c5293a7f96a99e9fcc93b86cccbb3a1e`
SHA256	`2291563b3377b9429cfc6362e510d545d71146ae6ae421354c00659718f01256`
CRC32	`8E0BAA70`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b3b0dc1ab66b9f0f_~DF08A95E9F73BC408F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF08A95E9F73BC408F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`617f420bf809b90676963281dcd5a897`
SHA1	`b3f93a8b24504629856fd302476a77ebf9b38747`
SHA256	`b3b0dc1ab66b9f0fdea3e657dfbceba47ba1acb878c6cd10edf5a0f3a8f223be`
CRC32	`FFBF28CC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ecace8bc828fe8f6_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	10968 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cf58cac4f1f54fafd56870ff4b0e7e1e`
SHA1	`eb4bd0639732c7b45349fd9cb85b4f7a52dfb9d6`
SHA256	`ecace8bc828fe8f64175a42fd1993bd2101ffb16a42b34bf6c265f431def0563`
CRC32	`329C1046`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	02e7c408456e08b3_~DF4AFFEBC7F5EA0339.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4AFFEBC7F5EA0339.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`da8937f8b9b120c53cb0a8c9c92e2280`
SHA1	`55748438affec49084588bb328b1c17333eb9f80`
SHA256	`02e7c408456e08b3c40f11c56f23e72877366a9b0e2b2e4401e19e748202eaf9`
CRC32	`CE453BB4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3a3d823753fa43d9_backup.exe
Filepath	C:\gcoxh\lib\common\backup.exe
Size	40.4KB
Processes	2544 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e086f9371837ff2f60bce870889bf56c`
SHA1	`c8c4e3cf388f45a055c69ac2e8e1dfab589edf61`
SHA256	`3a3d823753fa43d99c018d5ce3cb45b9a09bc39ae5ed26f08539c5f89f27cbee`
CRC32	`97C7B7DB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6723b12180d94475_~DF0C5BFB91501FC8ED.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0C5BFB91501FC8ED.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`57aca6826758c8a403d8f98d42eefea1`
SHA1	`23ff514c56409a4cf3c7a5037ba17f02dd641066`
SHA256	`6723b12180d944756f2b75958eaf00ffe8cbb19a230f42b10bef197870126aa4`
CRC32	`72437557`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ccd58e2ee47cde01_~DF6069675875D2C3E3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6069675875D2C3E3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4486a436de65d31b066cfba257e40815`
SHA1	`844600eece5f827f692f967e38dda46a78e67bba`
SHA256	`ccd58e2ee47cde01556ee35f56a13454eb87b96595465c7b81cc40dd7cae0baa`
CRC32	`E731C575`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eeae0ccd5666cd48_~DF3BF9DC9A5C26DCC7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3BF9DC9A5C26DCC7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e06e82c9ae20f0fefffea640ea64c35d`
SHA1	`2fb7a73eb07c33444ca48cd5867a96a6bb905938`
SHA256	`eeae0ccd5666cd48c2f75e651ebf2883318225410de64178b589ec11e29c8ac2`
CRC32	`852957C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5954eb9b14ae0a6e_system restore.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\zh-CN\js\System Restore.exe
Size	40.4KB
Processes	9284 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e2313e854db4fdf292e8f376b8476ec6`
SHA1	`c72cd6cb2442bd5dee75b464a924a776fcd91b3b`
SHA256	`5954eb9b14ae0a6ee372f9a589722b3841241308b4d1cb305f9a7a403a9fc9c9`
CRC32	`61036B47`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f0bb38259e27f389_backup.exe
Filepath	C:\Windows\assembly\GAC\backup.exe
Size	40.4KB
Processes	11156 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a2a73b4abe2a1d825e751169a6bd229b`
SHA1	`5d5e2aad783cfc7a3aa81bd7701360d8bdee04a4`
SHA256	`f0bb38259e27f389aad66ff2f4362ae044527d059b941af4c3f37035be33e1e9`
CRC32	`8C89AC41`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cb32a76920fda5cf_backup.exe
Filepath	C:\Program Files\Windows Photo Viewer\zh-CN\backup.exe
Size	40.4KB
Processes	8264 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ef82586f197cf218e9885aa1e0cf9eb9`
SHA1	`f472e960a5bf7e5c82e8a5395bfcb5ea66f193cc`
SHA256	`cb32a76920fda5cfe178e6c1f86af4ed4ae5dc83b501f6f94abea413dba8a118`
CRC32	`4BB32241`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	752b4cf74cc4af68_~DF144D1CF85FEC91A5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF144D1CF85FEC91A5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b931f6efb513cb41dde41fab130750cb`
SHA1	`594449114f17ed83baba6f638b5adbc70f7ef436`
SHA256	`752b4cf74cc4af687da32fe6dac2c6cfc9adc1bd98a448e35523dd52fc3290d9`
CRC32	`2946C2CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	908c47009c668436_~DFC6C34BF9494F9F48.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC6C34BF9494F9F48.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b9c93556fd689b702e6d7252e23b3fa7`
SHA1	`c77da3955dabf987698cffcac69be5ec1377be87`
SHA256	`908c47009c668436528684a124af8ccd36b760e4d3c8d4ae0bc44cfb9fcc3586`
CRC32	`75726C46`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e283d9bddebbc4ff_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\backup.exe
Size	40.4KB
Processes	11872 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`12a8380f54cabbbc740d5e57ba578a27`
SHA1	`83028c85c9fb46661db54d924526ae843738c6f9`
SHA256	`e283d9bddebbc4ffb8de72052450e9d55082b6290c1245d1b652136a3e2595af`
CRC32	`B1DB641C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	17408fb6453fb100_~DFA3E4BFD18A9A66A8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA3E4BFD18A9A66A8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`98917910e5a64d166e270a4bf3d06ccc`
SHA1	`d94b221aeeb3cce668173c7383807959121ba97d`
SHA256	`17408fb6453fb1009f43287a883c20bb969101fc598af647c2f75238d2efcb00`
CRC32	`83F9A3DF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	446c9b961e4838b2_~DFA5E340A789D6CEE2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA5E340A789D6CEE2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`98959b7b1e18b8fb42bd94b7d637f9fd`
SHA1	`46db486e87a85972f8dfdbd5c624b147e5ac90da`
SHA256	`446c9b961e4838b26de023c8b20a374f6b30525fc90e5de0c1d2d905324a01c0`
CRC32	`B0C6B088`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	518761302d6acccd_~DF5869DFB771E3FEB6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5869DFB771E3FEB6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fd4455ba00386799d5057d1fb5f4c2db`
SHA1	`746908faa10aca72f86d0d7fca37b3d83f11a0b6`
SHA256	`518761302d6acccdf3abe4707d0e947ef22b65e6728f0ca852517ae16aeca716`
CRC32	`3B543BEB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9f860abea321ab33_backup.exe
Filepath	C:\Python27\tcl\tcl8\8.4\platform\backup.exe
Size	40.4KB
Processes	8580 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f5ae3f93b083d6b1412619ae3eca3dfa`
SHA1	`bd338dda1460d94fc74dd52f9b40b6372d2aeecc`
SHA256	`9f860abea321ab33cfdb2d1b59d480cb2266a525f973b8e95b7c6ccd0c467c61`
CRC32	`AB1DEC18`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23112507bb717ebc_~DFDFA13B0CCBDF3ECC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDFA13B0CCBDF3ECC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ddcbd56d8670bc03088353923e51a4b`
SHA1	`1f87d6f0e00eca0480e70a5fd14ceb888a23c0f6`
SHA256	`23112507bb717ebc4eea413a050cdd12510ebe24572b46ab16fb63b5171add18`
CRC32	`88A45D21`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	68730212bd285c64_~DF2D4BE4875341E87A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2D4BE4875341E87A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1749feee4028953dd3bfb9b808a15ad2`
SHA1	`2a8a2b2924fa41ff14fb9640cd04974df7dbe507`
SHA256	`68730212bd285c64ca08e6adb722bbdfd2b53483ebb15bd462a4a91c93551458`
CRC32	`AD915413`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	40a656c50e95da5e_backup.exe
Filepath	C:\Users\Administrator\backup.exe
Size	40.4KB
Processes	8088 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`233f8fe9fce51f68e8770091a19c5a32`
SHA1	`f19807002b3a4103333d4e5ffe99ef33fc77dadc`
SHA256	`40a656c50e95da5e40858bdfb77196f456a9121d79ab7725f962167cd41288c6`
CRC32	`4BEFD48A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	772eb6532b01c9cc_backup.exe
Filepath	C:\Python27\Lib\ensurepip\_bundled\backup.exe
Size	40.4KB
Processes	6372 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6ba1d48e30876162d1189438644d6d49`
SHA1	`bd5609aa2d2c98d5f674b864c83081f0fb52f632`
SHA256	`772eb6532b01c9cc6ec328b92dee42467ac2d3320ffcdc69526f7fcad4c50300`
CRC32	`9B84CE7B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39db7f995eaa28b3_~DF927279ADE9565EB5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF927279ADE9565EB5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`547d7432b5a726e2989bedb5164d1afd`
SHA1	`5a1f9510e9707844f828fbbe4e0a0f4c2425b92d`
SHA256	`39db7f995eaa28b38ebd97dba0702b529e14c109215a4868fb10966b93909e16`
CRC32	`9248E188`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5aff9c5b08b45d6d_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe
Size	40.4KB
Processes	3976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5b65e2d3dd9c9ed9ce89d1cb70b7fa97`
SHA1	`76daf428244d09a7f0f1e8af85d7305e3bf5a73f`
SHA256	`5aff9c5b08b45d6da332f0d71277526413fde7fd870ca6ceca039b803630f7cf`
CRC32	`696A262C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9a8901324b0efb1c_~DF09FF7660481CD525.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF09FF7660481CD525.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d016a17d52581aa611ab0d2d1e200d6b`
SHA1	`8bf09748d128fa9243ba90bd4264125a6a20537f`
SHA256	`9a8901324b0efb1c46f7b02eec69c96d9735e0300562f039dba17d527b7f453c`
CRC32	`4B84659A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a887dce6e08e0447_backup.exe
Filepath	C:\Python27\Lib\email\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7c13bd0f7c5f18774340af9fdf202008`
SHA1	`1487817c6e8b8d7644d617c0a0594289965a5c9e`
SHA256	`a887dce6e08e0447511a4724f0fa6a6079618a59e0142c7b697958f45c0f323f`
CRC32	`52CFDD49`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	50763c9d8522babf_backup.exe
Filepath	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe
Size	40.4KB
Processes	7148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f8d649e5c291f8edf44c97a9c252b7aa`
SHA1	`ef952f977b740d4da19b2d346d9fa773247b7431`
SHA256	`50763c9d8522babf7f5a9a5d13e062366b2710b1e7e51ea9bccf6811b91ea9cf`
CRC32	`F0EB1459`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a1a196b824ca4b50_backup.exe
Filepath	C:\Users\Public\Videos\Sample Videos\backup.exe
Size	40.4KB
Processes	10860 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`776e97cad08360d421c8a64f762c3646`
SHA1	`71912ec7f09ccdcb28e7b2f27278e4559b601dec`
SHA256	`a1a196b824ca4b500f577e8caf62162db58928c7233b6cfa6d4b05026099f082`
CRC32	`9E0C4E90`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	07c0ee696408cd98_~DF0E70FAD29F005D87.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0E70FAD29F005D87.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2b36828bed473b90e871c261426c5fd6`
SHA1	`698a1723df9351b286290139431604feb20d9904`
SHA256	`07c0ee696408cd983c600d6650ff3274d0abbb1eedd7689a03e71bfc89727e2d`
CRC32	`912AA98A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2842e8fb45bfbdd0_~DF7B5D52E3C957D39B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7B5D52E3C957D39B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fa44721df54bb64d6945ca77bb40251a`
SHA1	`7f8e97c6e416551d5b011a78d7dfdb1c3f232e5f`
SHA256	`2842e8fb45bfbdd080c9249f427af23213ef5bf59b62d80b1bb64a7ddadca39a`
CRC32	`D338EE54`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16d466134c2f6baa_~DFDFB44591088E9280.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDFB44591088E9280.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4b8f91881a2576afb2266b8b96c7ea97`
SHA1	`5029b30ec4be9262e98f97772e90914577c550a5`
SHA256	`16d466134c2f6baa0abd631259da2512362addd9f603bab222e6189a0417ad55`
CRC32	`F29BEC48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4725466fb6c3d564_~DFD42BF0F0EF84AB87.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD42BF0F0EF84AB87.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`af2b766cdd72e9432606bb29db619d86`
SHA1	`79d843cbe3fb387f297e3c9cd12a5cde47052967`
SHA256	`4725466fb6c3d56478d89709d4c6e387f6cf4a4949d23c7248e799cfe94f1efd`
CRC32	`045A600A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5c016837e08b461c_data.exe
Filepath	C:\Users\tu\data.exe
Size	40.4KB
Processes	8088 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`337e99834d621b905db509d83a4eb9a5`
SHA1	`fa7e3a58522ce510f62e44e13849b19dbc803081`
SHA256	`5c016837e08b461c6e8a6017e4a2a051a4c4488a902a10ceacef9a7c48677152`
CRC32	`215FF478`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	578c6f2f7996afb3_~DFCDE621D4CD2F1902.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCDE621D4CD2F1902.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`74a42808de15b4490398d224a2a2c33d`
SHA1	`ebb57b8a4407eaee77f524273216d2a2f40009c9`
SHA256	`578c6f2f7996afb3d83c05127e0a0e096d105629709b6cebff382ff340af9834`
CRC32	`E4BBC48A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e0023597c6b734eb_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\ado\backup.exe
Size	40.4KB
Processes	6768 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`99774800c85ee89a188bdd1de81d4808`
SHA1	`8596ede28be6b0dfa8b3fb2d1bf8b7ebc1277407`
SHA256	`e0023597c6b734ebd6a039eec87fd575c7031cc25b7addf6317ae8b34da71a3f`
CRC32	`2FEB4BDB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4a84080bab814242_~DF5A78F4F686541DC8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5A78F4F686541DC8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`37e19ab12f88ae51edfaa646ddc2de53`
SHA1	`6519d44f702f874d5efe9770290dda73645357c4`
SHA256	`4a84080bab814242d399d4ade5bcf758cc36ffe860fc58d264fca930c038738e`
CRC32	`ED0AFFE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9cf44a72fefc135_~DF660E898883C6F483.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF660E898883C6F483.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`88d4113737ea5675df283894a8b9acc4`
SHA1	`bfa0e7c3d7e2884d8101c11cd0aea2d05ce6b58f`
SHA256	`b9cf44a72fefc135f11f34b48541beb6ae8de632d1c4a3351e7784a0fa1ba0da`
CRC32	`01F2465A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16002f32999d3243_~DFD338B532C46C716F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD338B532C46C716F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e885d64e1ea0f9be302906ef7c66f5e2`
SHA1	`d0f6a2dc3f1e0935d8c1312ab641b8707ab7ffd9`
SHA256	`16002f32999d32437670ca0fca1fdee5b0bf993029dac43dbfadfcd735299403`
CRC32	`4F033B7D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	da1fa169ca83a230_~DFD77C4BC4F59F031E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFD77C4BC4F59F031E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`88f67931f9de99238a408e0daf5f5366`
SHA1	`d957bbc2bbed07d3a21744fcf9402d9c5f7961c9`
SHA256	`da1fa169ca83a230f7716ca2729047d8a1e485e19c5e35fcb6faaa801e48b4e0`
CRC32	`244243ED`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90d285f486267e66_~DFB3B9AF6420A6A89C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB3B9AF6420A6A89C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2748c2f4d816df8321ab464b5d71a56a`
SHA1	`9d2a04009af31795317487db5eb20eaca4c8e522`
SHA256	`90d285f486267e6645f613dd24120581f41b6d04fba5f54fd31f30749855f9ae`
CRC32	`E0346E4B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	50f1af9794d75f0e_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{32BD1524-7EA1-4b1a-B3EA-4C8A6033C441}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9a9f6cb657c55564ac6bf31c1eab6618`
SHA1	`4d25aef2d593d03bc3ddb16ff6524aaf2334c762`
SHA256	`50f1af9794d75f0e5ea0f2c5815e4b9d183a792a65d148f29fae02bf526e6787`
CRC32	`DF5896DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3ddd0ed0d8d380cc_~DFFB8915F8404688EB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFB8915F8404688EB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ea62645c91ca4ebf210d0a3303b8acbc`
SHA1	`5e8630493478ff11bc49b4d67cb2661e2d3b3633`
SHA256	`3ddd0ed0d8d380ccc0ade354e23be70fa3724692eec285c67368cfd918c1d781`
CRC32	`AAA48221`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16d466134c2f6baa_~DF58A0C3800353318A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF58A0C3800353318A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4b8f91881a2576afb2266b8b96c7ea97`
SHA1	`5029b30ec4be9262e98f97772e90914577c550a5`
SHA256	`16d466134c2f6baa0abd631259da2512362addd9f603bab222e6189a0417ad55`
CRC32	`F29BEC48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e42f1fb77cbe0938_~DF7E902A3FA340E4CD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7E902A3FA340E4CD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0f7c11a258f0ad34ed2de68be6371678`
SHA1	`977308bae86aca42e0ccd7271c9de6a8d3e68bed`
SHA256	`e42f1fb77cbe09380b5dfa553bf27868611445eb8afeeff8d28a819dccc33de8`
CRC32	`967099C8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0cc8f5365a4e31f5_~DFC2701B0B068D48AC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC2701B0B068D48AC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ac53bf0c5301061cc31d5435518dd001`
SHA1	`c249bc156f70efbaee4d39ef3bf108adbc711a8f`
SHA256	`0cc8f5365a4e31f53098fcf086055e65b0358099482df2f73377932ccb5940df`
CRC32	`F5823B60`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1500addc1d41eabd_~DFB9BDB361684BAF0F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB9BDB361684BAF0F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`000a98ed9bb55217343d37c9e8c1db5c`
SHA1	`477bdaac189abb0f0d7cd91e3dfae304350baca0`
SHA256	`1500addc1d41eabd8f9351b409d9a542367717223506b8709af128d62ecfe8ea`
CRC32	`67A4EF5C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	76fdedc126a59b26_~DF002A67269964D6D5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF002A67269964D6D5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32be046d78ec1937e95547f60dfe0309`
SHA1	`6c4228a80b012d0bebe8072ff338cd85945feb27`
SHA256	`76fdedc126a59b2616d1257d3f3e2136dbf3c68eafec6b69e141f432257dc060`
CRC32	`4082779A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b932dcdccca568c7_backup.exe
Filepath	C:\Program Files (x86)\Windows Photo Viewer\zh-CN\backup.exe
Size	40.4KB
Processes	12876 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4735a6d9932152eb4c60934974977e1d`
SHA1	`246499d7826485fd921301bae0aa2c0a44b51efe`
SHA256	`b932dcdccca568c78a9c426fbb2cc2f91fd84cc98b82e6451a173d1bbcfb94f6`
CRC32	`B8AC4940`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1a8a3fc5eb70d1f5_~DF771FE7A6AE36B6A0.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF771FE7A6AE36B6A0.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8ff898ee55301beaf629a56ad851f257`
SHA1	`2e42f405d13c03f53ef0bdb5811eb127878f44a9`
SHA256	`1a8a3fc5eb70d1f5986aa8bb24b8d8886a71b3ad796865b52ff8b09be27fa9a9`
CRC32	`B5215457`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5f163d3601141f53_~DF16E6A4C5789AD0D9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF16E6A4C5789AD0D9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`adcf4fee2e728b8a8b9b73024aebd223`
SHA1	`9bebe7ec50e56e0612225d93cb3b3874cebc5853`
SHA256	`5f163d3601141f537667d8fd001c608b76bf4a0ddddf22c1c164f3bcd8215ae8`
CRC32	`75B5F3CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ab3e0290b252e800_~DFB1CE18FAA2E190BE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB1CE18FAA2E190BE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ac414b86b558d002c53b6266cc2b0c3c`
SHA1	`81c88a40d5ea45182b72c06c00fb910976219298`
SHA256	`ab3e0290b252e8000d44dce050b87e794d5e5e544ce71c8499cfab7dbfc151a6`
CRC32	`BBA3662B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1cfd7ec5594e0d50_backup.exe
Filepath	C:\Python27\libs\backup.exe
Size	40.4KB
Processes	6004 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7b724c4d3148c7ba9fc0a01ac0f81c41`
SHA1	`3ca2da2899724eab8a78a72401fa9d94aca1fc1b`
SHA256	`1cfd7ec5594e0d50e8bfb241736b48ef3a09346432f25d2d08a590ef122307ce`
CRC32	`F56DD80B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0172159f41306afe_~DFF907544C4A8C5124.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF907544C4A8C5124.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9581af75efadbeccd3a4ef356f063bbe`
SHA1	`a763d29c5d1e6fc2f42e5229d221231f11b11a45`
SHA256	`0172159f41306afefc6e9209a281bf2d8b21f07a5cff16c5ff0bebc2ed289fca`
CRC32	`2D43ACF6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ce4ffd08da797a4e_~DF5D4B4A3678EE1870.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5D4B4A3678EE1870.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fa32f001a69124ad4c59fac66026c70e`
SHA1	`8b5e92775cc0e5c401dccd23108a7915680eeba2`
SHA256	`ce4ffd08da797a4e1a46144af04e610b438298c76fd0d9af678c50ed76438f06`
CRC32	`668ECFC9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16d466134c2f6baa_~DF94EE2039353178C4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF94EE2039353178C4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4b8f91881a2576afb2266b8b96c7ea97`
SHA1	`5029b30ec4be9262e98f97772e90914577c550a5`
SHA256	`16d466134c2f6baa0abd631259da2512362addd9f603bab222e6189a0417ad55`
CRC32	`F29BEC48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	46d51001a5a65cd7_~DF96C1FDE886E214E9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF96C1FDE886E214E9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`beb305e6ab994f3bb566bd3d321c0a67`
SHA1	`b99741d3967d8df2ec67340662de192c15cc96df`
SHA256	`46d51001a5a65cd79fed0894635807e8e67f92a7f765e75eb91bc941a54f7d0c`
CRC32	`DF50BAC9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8883cb8b8c722ccc_~DF7D817B24B05AC99E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7D817B24B05AC99E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`039dab51a16a80f081b863ef33618cd2`
SHA1	`3b85536fb28a977b0b64ba97d3f55a787e2d3021`
SHA256	`8883cb8b8c722ccc800c9b53aeb8e5a694cdb4962096bbf7688212a865f11120`
CRC32	`2D4524B8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b95c24682ace47_backup.exe
Filepath	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe
Size	40.4KB
Processes	3812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`808908de8840a7b857f8626411015d1d`
SHA1	`ef268cbdf9cb5f56643164996255c6a1c76cfc8d`
SHA256	`e3b95c24682ace4784350922818a3ae0a9c5cdbab3ec622c156b8c381b5d5a9a`
CRC32	`3323F240`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e5b834746d5550c6_~DFF1D04481E7B01223.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF1D04481E7B01223.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2d8a91e5f2454090f3be5e7449178082`
SHA1	`79cc38ac3a4f4adac66218fd301c86032152c130`
SHA256	`e5b834746d5550c66ddb226c9c5dfd6f4b67119adae4a0b4544ed1d7aab83175`
CRC32	`DD7CCAA7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a35413f2b18af70_backup.exe
Filepath	C:\Python27\Lib\unittest\test\backup.exe
Size	40.4KB
Processes	12888 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`cee541427dab704d172499df427bbefd`
SHA1	`b87879cd88a3ae8932c436be122ada7cbcf0dd8b`
SHA256	`0a35413f2b18af70179c5a275d981a4fac82aebbb1c5f86ced98ae80ffb1cc79`
CRC32	`CF7AB308`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	21695ad494d646b1_~DF78A4155722B6CAC6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF78A4155722B6CAC6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`25d553b05180d3bc0d22cb6422444368`
SHA1	`66d1308d52b044d10291ba49cdfddfb0e5927f80`
SHA256	`21695ad494d646b15690203f6082572c8ca595968e5829c9996ae50fe00b31c1`
CRC32	`2912017B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	abd2d9ecbdccbb09_~DF82603C0543FF77D9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF82603C0543FF77D9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`773db24dbcb76faad4d4b93b079d0618`
SHA1	`059fbf3260741e06746d96bf60e9efbfb0be9c84`
SHA256	`abd2d9ecbdccbb09b8f1a4e5a8da14f1e9e6d7c18c9a189bb5f4d4f453ea1660`
CRC32	`26428673`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6bda7d30f6254bf1_backup.exe
Filepath	C:\Python27\tcl\tk8.5\backup.exe
Size	40.4KB
Processes	7400 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`22dea14ac879e69adff385414ad0c076`
SHA1	`7d96828c9f2cb2a6c13a98b480a790e11003c849`
SHA256	`6bda7d30f6254bf185b465c0ca250876e33c23a819968f6b0679417ffa9ea05f`
CRC32	`D85E7FC0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	16002f32999d3243_~DF95B1FB868FA2B34B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF95B1FB868FA2B34B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e885d64e1ea0f9be302906ef7c66f5e2`
SHA1	`d0f6a2dc3f1e0935d8c1312ab641b8707ab7ffd9`
SHA256	`16002f32999d32437670ca0fca1fdee5b0bf993029dac43dbfadfcd735299403`
CRC32	`4F033B7D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e51abf634664000f_backup.exe
Filepath	C:\Program Files\backup.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e9289efad42778ff7ed8a3e55bbc22f4`
SHA1	`88b0d4d21db6a17b9cc42bb542ec4bcd67388797`
SHA256	`e51abf634664000fd093c5a3bc4318703b36a96a7fdf57f79c66c5ea72410256`
CRC32	`7F1927E5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9d2b02ceda56ef27_~DF715A395506CCC53E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF715A395506CCC53E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`461c5fea94bfe5e6d57ecea957cdd11e`
SHA1	`98b60fae142ab4d6b7af66aef02c49f8d8094fd9`
SHA256	`9d2b02ceda56ef27ef132b02a8479b104092e0aee48e2e619629b149011d84dd`
CRC32	`3148FE0A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7ec7105e46b3fc34_~DF2E9E33502F87642A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2E9E33502F87642A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`569c1531fe936983a7b0360687d57232`
SHA1	`1d7a468661ad899a714458dfa398b1b17b442d6c`
SHA256	`7ec7105e46b3fc34eb0fef30fd4a4ed29a4ffd192e4a47c1c14e56880c5a7dfd`
CRC32	`31ECE759`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d31d114d94f8cff1_~DF079063A4E189FB42.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF079063A4E189FB42.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fed583a987ad380859a4f0d0148153af`
SHA1	`86f2420db846ee49ddf989e316c547823c12be71`
SHA256	`d31d114d94f8cff1ec0001b54b8b1f293aa8c7cf8c45e20ed2bf550379a3add0`
CRC32	`5122E50C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ae0641d3905a0de7_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\chardet\cli\backup.exe
Size	40.4KB
Processes	9488 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7e02a563e40501520e2397882e3d1f76`
SHA1	`906a710fac89b180c25f4d40a53b3d377d9a19b6`
SHA256	`ae0641d3905a0de79b1c1f4f09b5e25231b92a12fa6afafe1a58e4ece941a451`
CRC32	`639DD1F1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ff36166017c83c37_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\contrib\_securetransport\backup.exe
Size	40.4KB
Processes	12848 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a70fa5cbe3926f5f89b41b647d74ab47`
SHA1	`64cc4e419d8fdd30db2e1b76f37669961ee4d339`
SHA256	`ff36166017c83c373167ffeb3c6da80809072d0d502e760ff9a1fb6587bcb4e4`
CRC32	`C37115A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3c8d79461575de5f_~DF31588FA23C4184CE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF31588FA23C4184CE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ece6634569872fdabc746e6cbd28ffe`
SHA1	`7f382e22d04db8834bd534263f0d98674af363fc`
SHA256	`3c8d79461575de5f371c0b05873c26c6405df0b17b4f133b5bcb60ad7dab3218`
CRC32	`47A1699E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e6b555a06894b8a0_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{9F7CDA2D-AD22-463a-A736-892B3CD10D17}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`219b8deb8f8671c985ca440d4d6d7d7a`
SHA1	`881486aa8718a5ad64f84fac45438782012b208f`
SHA256	`e6b555a06894b8a0483ad2d8420d3a82c6173cf5caa4aee66041145cb2f05c75`
CRC32	`8730DACC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c28eb829b07d8bd0_~DF2B8804BFD5533E76.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2B8804BFD5533E76.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bf454e6433913fd26fecac8ae57de7e7`
SHA1	`90deaf66b73b58734f5507c7531df2f68fee86a9`
SHA256	`c28eb829b07d8bd026e381fd67c5adec9d04e0def9a92aa8afda42f43dc32e55`
CRC32	`04C5AD51`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	39cb0ac54b8bd4b0_~DF6A07BEF569E9DFA4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6A07BEF569E9DFA4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8556c7cb271c46a7a62c67ccf6aee691`
SHA1	`a789942cbbb12135357198b5c7ac2ada9071af54`
SHA256	`39cb0ac54b8bd4b09706b710639469b3e9e13109365008c0336ec0096eaa1747`
CRC32	`9C79A3CA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ed03ddcd40579cb5_backup.exe
Filepath	C:\Python27\tcl\tk8.5\msgs\backup.exe
Size	40.4KB
Processes	11776 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`e376abd20fdbb22f4cba4eadebf40145`
SHA1	`3294f9213c6941a68b933781e654866b2025fade`
SHA256	`ed03ddcd40579cb5d8f8d6fbe88e38b4512630a855d13347774411d1d6a9f593`
CRC32	`CE27309C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3f84c472c56e3f9_~DF8C16417F3C8B7236.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8C16417F3C8B7236.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fc3919f758bdaa86e7bfe278382fd13d`
SHA1	`9a80aa477772b4208ca7ee8091049675481ae79b`
SHA256	`f3f84c472c56e3f9790885d00bf2a357c2d7584b9cfc7b89dedac84e71e7d440`
CRC32	`A8B7446C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e1541435ea29a71_~DFF359F559108C591B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF359F559108C591B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`20f0e5cce4de440f34cd0217dbbd1336`
SHA1	`f539a6b832ba787ddae0787a72546a34f5eb3c93`
SHA256	`6e1541435ea29a7191b4f59f15a85df731821ecdf8f517209acc956fd34cab1d`
CRC32	`64998BC7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0045c322918136ba_~DF5CE750ABFDF0C01A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5CE750ABFDF0C01A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8cbd40e66aae6c80881521d893938aa1`
SHA1	`11443173ac6b0193b34f7878d53d1d851ba181b3`
SHA256	`0045c322918136bac5fa9ba43a59b78ac90760679376fdfce6829778e3405cf2`
CRC32	`D1DDD069`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f9bf867876cb3e3f_~DF890F3725EA1A8A5A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF890F3725EA1A8A5A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`95bf02f619be91a5fd39f8f4e735317f`
SHA1	`aad24d3314f10dc3a64c4a43e2d955d5105556db`
SHA256	`f9bf867876cb3e3fac0fefe1c3c6077d71a46c73038b9e3fe2b231102715ebaf`
CRC32	`E0A122B6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a774c386491ea234_~DF43C2AD9CFC26F74E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF43C2AD9CFC26F74E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a04bead6ff179b3338453ecae836f00`
SHA1	`2ea2f776df3591d9e2f102c735f082b7e8a891fd`
SHA256	`a774c386491ea2347517eb5bf2793c79b60ac3d02aab530a05f4b9e7d9268af5`
CRC32	`F6641E41`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c34da16b45ffd795_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	11588 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ad0968bddc3b7f16758896bb7cc2488c`
SHA1	`196fef0295603b67c5d155ee1ec7a8f57cc6e614`
SHA256	`c34da16b45ffd795676f76c4e9e015d87bcef1770aefe65eda34f79007d7e95b`
CRC32	`333A16B4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9c45fff982a7ecbf_~DF554C62C1F0C95C1E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF554C62C1F0C95C1E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c4f28b4e63638241b0302a53c3cfc888`
SHA1	`91fa5bbc8634ce0803c316cc81b312fe8c53edc2`
SHA256	`9c45fff982a7ecbf25c365620532ca759e56409bf621bd7f2cae7e87507dd95f`
CRC32	`EE4F4701`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f89a5ec57112b19_backup.exe
Filepath	C:\Program Files (x86)\Common Files\System\Ole DB\zh-CN\backup.exe
Size	40.4KB
Processes	8148 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`02a15a07b0d27b930d57a425a0666bb3`
SHA1	`e64344aacbfe699e81dcb094d93cfc4523476e47`
SHA256	`2f89a5ec57112b1930547a08f0a2a28ae7f198e4ba04e9160c1155b0777e71e3`
CRC32	`C6F2A9AF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f0ea975628b30962_system restore.exe
Filepath	C:\Program Files\Common Files\System\ado\System Restore.exe
Size	40.4KB
Processes	3840 (backup.exe) 4536 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5e8c764ea3ad4c642d9e5789005d1c20`
SHA1	`9cb16be5d0edd41b605fa186f95e1eb517f92687`
SHA256	`f0ea975628b309625d1cbbbb5ed8d80e078b11755604ffb1e59a9a0aa2d84293`
CRC32	`3458139D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fae10bdb73385696_~DFF6662404E684C36E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF6662404E684C36E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6c42c01afe29cee774d32025905e3da2`
SHA1	`83e3b63c93ac94356984992de189f37737792cf6`
SHA256	`fae10bdb73385696f907544b3258086e8536e4942beed37415a6da02851e6b49`
CRC32	`044302AD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	75abd5a68ff1209f_update.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\update.exe
Size	40.4KB
Processes	1592 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`73a4aba3a0511bdf9d90d38604bf30b5`
SHA1	`44d7376e25c2e60a8502b0aaaf71e7cfdbdfa4b0`
SHA256	`75abd5a68ff1209ff5557189c287917906c9cca08ca281c11197953c43ae8833`
CRC32	`8E127510`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d76c6332b6d31e73_~DF0AAA9A88F83AFF1D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0AAA9A88F83AFF1D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`36ccda396695985e92e8a94c8ac4df01`
SHA1	`a84f0dfcd07b86a4aea5e123e2cb8bab81a542c2`
SHA256	`d76c6332b6d31e73d4cff3b97eff2b21399c55cc20a1512efdcacad09810b34c`
CRC32	`491C8F97`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	976715d83dbec580_backup.exe
Filepath	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe
Size	40.4KB
Processes	6268 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`a11e01f6f54a98d94332d7da994fbacb`
SHA1	`171a08ac93c05bdd76b137ae656c9b55f2216d1c`
SHA256	`976715d83dbec5809422fca22a5bf2189fefcbcd3bdb8338870756ab4609a5a0`
CRC32	`B7322CCD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	236f0a13be180850_backup.exe
Filepath	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\backup.exe
Size	40.4KB
Processes	12684 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2471580756ed03739960f00e47bf9c3d`
SHA1	`49c153cb68842eb8d70e9d9d34681e9f7089dc7d`
SHA256	`236f0a13be180850d0ad771dd83a49268d39f7b3a8595a6f375d6c73c031eb99`
CRC32	`A9CCE976`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	42969af7ce6f2c05_~DF5226136D6799672A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5226136D6799672A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c941ee89633f5b928259cca2f4e85d8a`
SHA1	`37ba764d904d859ce271effc40ba57a7cdaf2607`
SHA256	`42969af7ce6f2c05a49bc9f78a6070427d67846ce86915c6d788859efd88caa7`
CRC32	`B5DD18BD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8d272d5da20c6c06_~DFECC1C15B7F65024F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFECC1C15B7F65024F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`799d1dd0ecc8b7b2e628b75d17469670`
SHA1	`a92217d96ea8e662a3b8f14240417b04de299482`
SHA256	`8d272d5da20c6c06962252bd8696bd61fbd4531f88c4e8d5a2b2a0a498843d70`
CRC32	`2FAC184D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ea35bb506f9f05bf_~DF46AD69C9317E3680.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF46AD69C9317E3680.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d6b545c98c9f61a67a2bd5074b40aec`
SHA1	`f8862e6307228b990e3ce9a7d1797e26c86c62c2`
SHA256	`ea35bb506f9f05bf53f36006a144137eb76699781aa03aeb87898697cce515e5`
CRC32	`A3150DA1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1048203228c52d1a_backup.exe
Filepath	C:\Program Files\Windows Media Player\Media Renderer\backup.exe
Size	40.4KB
Processes	7420 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f9aa4559f214fdd1d2b69eae07450319`
SHA1	`eb002f41029cdba373ce25476d22483844e037f2`
SHA256	`1048203228c52d1a68a4cc92bc57ed3b8609b418a2291bd478ab354df30a1da1`
CRC32	`4991F0DD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62e42e13845bccc7_~DF71E0C1F389064862.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF71E0C1F389064862.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`47a31a1ba2cce5672d322c8d21ad753a`
SHA1	`296b7e59bab13796348fb42f0c61d59423c429c8`
SHA256	`62e42e13845bccc7eb0b16ecd0cf9afd145990ad0a0c6357ed3640d5f6d22d92`
CRC32	`C921CE62`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3451c815f5a0e02_~DFCCC12FE18353042C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCCC12FE18353042C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1f6b152f6f4ad90f532d5528069cb6d1`
SHA1	`a5294b0b7468220222a514c6e3cd851e4ecf46e0`
SHA256	`f3451c815f5a0e029e42c9ed08eee65753ccbfa3eaf9cb1f0755aba1bf1b47e3`
CRC32	`1593494C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d4d7c23e39cba9e_backup.exe
Filepath	C:\Python27\Lib\ctypes\test\backup.exe
Size	40.4KB
Processes	6668 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`dfacf6d43be3152e1d5c3eefcf03c154`
SHA1	`c11d107ded65230b20306fb1f9c2c8374942bc24`
SHA256	`0d4d7c23e39cba9ecd537dbcaee92049c760b82f871540e011fb55d62e9f8df3`
CRC32	`2A239210`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c4321c851a1e49b_~DFB75A31F57D4279E2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB75A31F57D4279E2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d73bfbd663b27c789e05676048d4a18f`
SHA1	`9c521d5c612510f473171f815f0f48a78cb88151`
SHA256	`6c4321c851a1e49b473052b25406eb0cca4c3304b5cb006bef50bb8c6b658d54`
CRC32	`852B25C4`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa069babef2cda09_~DF67502C67F6978D84.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF67502C67F6978D84.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b3f5e53f62de15987c3f6febf2129e5d`
SHA1	`94bcd41a67f02c3540750f14ea9d18ef775455e4`
SHA256	`fa069babef2cda09d89f40d8c2fac1aa753e2076529abd76626946216349648e`
CRC32	`2CFB6C64`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8e1b25e0904ee22f_backup.exe
Filepath	C:\Program Files\Windows NT\Accessories\en-US\backup.exe
Size	40.4KB
Processes	7836 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0d0bb08c831b99a4be944f1d0d6b6352`
SHA1	`9f97bfaca65bd2f69cd654941488cff08d57e5dd`
SHA256	`8e1b25e0904ee22f4bf8a86473cc959d209efe0ac72d3ffe8ae0fd23492c2054`
CRC32	`03F225FB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	45f9cf823b1a365a_~DF0BCB0A99B300772B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0BCB0A99B300772B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`23881894b82733e6ed686a9cd6c3c20d`
SHA1	`d0b37315c87648c1455b3a40850393c738cf6c01`
SHA256	`45f9cf823b1a365a9afd3c9c6525b63444dce4febc2731ec118f140b13cc808c`
CRC32	`802C662D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	13a6d21e0210520d_~DF790E0BABD6F02C12.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF790E0BABD6F02C12.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d8750c3afcd7158ed86c4d47f3901d3c`
SHA1	`8a91406b08d9f16e4467f6dc58b0e8bc2b753b87`
SHA256	`13a6d21e0210520d62b1a6aa67f6b85b514b3a370e0fa6b7c2a46012c1820f48`
CRC32	`F85F5303`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	756bfcf216d1f570_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\util\backup.exe
Size	40.4KB
Processes	13292 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`652e0e50af94f0737c99cfc40bb07f7f`
SHA1	`a18ddbea6bcc4f241a9d0051916963c867890935`
SHA256	`756bfcf216d1f5701f1a23972b5335a1c45799565a778b41949dee779ef9e884`
CRC32	`1ECC15E7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b70d03350d3e417b_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{ED713694-0E85-433c-A114-73424E5A2A30}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6689c706b3bbed2cc0dbcb9a01619cca`
SHA1	`f11b26f85017559da0a08fd3a038a1f929626e47`
SHA256	`b70d03350d3e417b92d603ded71c4b28996725a054df056dac8ef1cff5be5dd6`
CRC32	`73E46F9D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4d18b167b9c9e90b_~DF69A0761AF2AB99DA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF69A0761AF2AB99DA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ccf9a617be8da9a4c2f99abe9e6007c1`
SHA1	`68089f4010654a504de3bed8702e673492ef318b`
SHA256	`4d18b167b9c9e90b01ea93a99b26376a7b6ceebebd1e496cf959c609ffc7f436`
CRC32	`66436994`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cd1a8c13aa00eae8_~DF59212BD087753BED.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF59212BD087753BED.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`16df5398e288e6990ad96037e2f9a9e7`
SHA1	`bea45b6cf6f5c5317779b37e505fe37e7ccc8fc1`
SHA256	`cd1a8c13aa00eae861973c5664233210e4b5380e2b64bd9511cba7682973350e`
CRC32	`58551957`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f6e43ae03a87b634_~DFDBB019808EC7E88D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDBB019808EC7E88D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c5994d1f0f5085e338cfa0d73d224d43`
SHA1	`de30df9b553032af340e951371196fb52624e07f`
SHA256	`f6e43ae03a87b634812ed3a3731129883baab01afdf3bcdaa8e2e9cb2b7ba52e`
CRC32	`93E67D80`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	15ebf01b3502a081_~DFAD9F3706DE15EB09.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAD9F3706DE15EB09.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6096b2b8bb3a81f65c7958923982efb9`
SHA1	`121fb7d329a947a7107e524b78808690a7a67a55`
SHA256	`15ebf01b3502a0819d2cba373ac26cb7897ff556e8eae118cac385ef661114df`
CRC32	`A362FDC3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0209455acef8d58e_~DF14DC21DB6DDB0490.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF14DC21DB6DDB0490.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`86a9797599f2425276a780d3bcc4703c`
SHA1	`b91fb2ca1397bab8ae24efd51ed999e6455b873f`
SHA256	`0209455acef8d58e0b2fe9746cb50b000f3d6fd636d6740d1a23f7bcfde2c16f`
CRC32	`6CD4F47F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	638b5b3bf0a22376_~DFCAF06FE8C0DC02A4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCAF06FE8C0DC02A4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e0f621738464d95516ca44f0f1c75e05`
SHA1	`8bc9fb0305ee44e8ea4bfba946dfab2fe5d00579`
SHA256	`638b5b3bf0a223767b80dac4685099208286238d506c97ebf1a5f5515bb0f8b8`
CRC32	`B18D2A43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	80076ae0f1977d41_~DF0307B5928AF0148B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0307B5928AF0148B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1e54c5d0299e4dc3ee9b5450bd41aa06`
SHA1	`7e90b69e0313692e748a8682d70a3e739325f023`
SHA256	`80076ae0f1977d410f55375ed313f591a5a97172b6ceec0103403bc97467c4b6`
CRC32	`59BDAE01`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	fa3cdf8084b3dfb8_~DF294CBC402A7DEF9F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF294CBC402A7DEF9F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fa34a4137e9475e0ad7b8a8610515226`
SHA1	`ef38825babe3bb728ad6ad20170d56c1d4e5bfb3`
SHA256	`fa3cdf8084b3dfb8107d7dd0f76784c3f940345e860835ece92081e4002a2596`
CRC32	`F88AA253`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b2f899895e104086_backup.exe
Filepath	C:\Python27\Tools\versioncheck\backup.exe
Size	40.4KB
Processes	9456 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c2cb8299f557c73676fd30a20c394b69`
SHA1	`f86f1a922b70ea0e3a51b3f4052da51b18b42580`
SHA256	`b2f899895e104086cea32ce9f83b26fb92912c4056f4df596edfd4f914fdc8ef`
CRC32	`4CC0ABAC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2842e8fb45bfbdd0_~DF68D1FD6839396718.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF68D1FD6839396718.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fa44721df54bb64d6945ca77bb40251a`
SHA1	`7f8e97c6e416551d5b011a78d7dfdb1c3f232e5f`
SHA256	`2842e8fb45bfbdd080c9249f427af23213ef5bf59b62d80b1bb64a7ddadca39a`
CRC32	`D338EE54`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	75cc020c063c96af_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6d7d0e207840c3a63ddbf2c017f985a6`
SHA1	`fe2a866ae8fb55e662cc74695e4cbd69099884c5`
SHA256	`75cc020c063c96af5bf80f6df38dac0c1624f540063d294c411d402313ebd435`
CRC32	`556A7B9A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ae5ced40f073f014_~DF9715689F3AA028AC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF9715689F3AA028AC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`93aff88048f1788496b7cb37b19e6ad5`
SHA1	`be4b8fd40db8ae2e98a9a482fe10dc4cb9fc05c8`
SHA256	`ae5ced40f073f014508f353b08d552ba1ac4569ea84d4486b528fd80a6ca4120`
CRC32	`DAD227F3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5622adc34453411b_~DF213E5A19C763AB30.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF213E5A19C763AB30.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6a1f5d0c1ee143499c7e1cf0bbf17e1e`
SHA1	`48c5ddcc4cdf145f4ee5e90ef399d84220ab5162`
SHA256	`5622adc34453411be68f70d31873c7cd6a48c9dc38d527df724099cb88756f01`
CRC32	`825ACB94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	965bc09f51aa1ce0_~DFDFE01AE560566963.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDFE01AE560566963.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`487e31aeeeb5aca47d65ff44107e68d1`
SHA1	`840f4482243408c80fd5e9148c04f417c5873555`
SHA256	`965bc09f51aa1ce003d3e75d91d6668cee0a2b899897563e0f438b7c4b6c1f54`
CRC32	`CBDAE324`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8a8db33ee2719950_~DFAD8FECFF5B447B6C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAD8FECFF5B447B6C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`480fe2cd27538ea9a61155103be41e5d`
SHA1	`b807a0a33534f489bca270bc9a2d6e35956b4ed5`
SHA256	`8a8db33ee2719950dd855ee795fd2688fd8481b3307ab859cdb665e8e549d770`
CRC32	`84F2DABA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b75167516a478e33_backup.exe
Filepath	C:\Python27\Lib\site-packages\setuptools\_vendor\backup.exe
Size	40.4KB
Processes	12976 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`603a7a43c8b6bca189af05d87d8b02e9`
SHA1	`468d0f25e8cbf91b896797d3f826b978f930893d`
SHA256	`b75167516a478e337857f28fb45510bf41128cae595e926a0aff772520fd4087`
CRC32	`607F81D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	4656e29f9f9f9fd3_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\config\defaultskin\backup.exe
Size	40.4KB
Processes	3840 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ee7806362278a2781363c6c3c3933659`
SHA1	`1d0ed0a8bed20152d0f84bd3bf290969d2ef221d`
SHA256	`4656e29f9f9f9fd3e3b8e65e4f81fffe8e0697e7ccd148344fcf731ddc30a6b9`
CRC32	`DA8D7A28`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b769a4c490565a3f_~DF5245200C0146E721.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5245200C0146E721.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15f8fae34343a8681b708ace3275bdf6`
SHA1	`6f8beca339a7949e29a41a515f868da87e7db28d`
SHA256	`b769a4c490565a3fa28aba0ead3d54055349dd067b875c0499a0d8b9c6cccd86`
CRC32	`99809712`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0a5e2b36d7382366_backup.exe
Filepath	C:\Program Files (x86)\MSBuild\Microsoft\backup.exe
Size	40.4KB
Processes	8136 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6ecae9a2508fffa2948db79df108368d`
SHA1	`ad52853518bd074592a20b668ce03cee55682a6f`
SHA256	`0a5e2b36d7382366fc5f9b606aebe2f0e71749a1517e48178e9ec222353bfc73`
CRC32	`CF5415BA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5bc14bf40ecf4e81_backup.exe
Filepath	C:\Python27\Lib\test\audiodata\backup.exe
Size	40.4KB
Processes	11520 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d988a004b882e5ce00dc31c5d27ea652`
SHA1	`f771deaf4840ac7d8353db718ba676c751375a2e`
SHA256	`5bc14bf40ecf4e810a73b2c5600d8990d23039124138f216b2e9badcc0532364`
CRC32	`296498FD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	392edd7fda0eabbc_~DF47064EC165D627FD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF47064EC165D627FD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5764437941ce7432644a4bfa8c5ab3f7`
SHA1	`26993bf210c2cf15192ca86fd585926abfeb51fa`
SHA256	`392edd7fda0eabbc20f386a1c358145d78d2c3691c5aa101ae7163b9fa859396`
CRC32	`5F6333D7`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	29c846ab7d8961d2_~DF2DABEB3FE885D72B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2DABEB3FE885D72B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e43cd6cfd1c6e66deb736c10058a871f`
SHA1	`2e902766f5e5c831d856769a41ec23389c48b213`
SHA256	`29c846ab7d8961d29a19557e6e2ea54b59daaf16bbe30c37f6a2cf18782d83b6`
CRC32	`2DCEBF93`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	eb91310a8a66f3a4_~DF1E9BB50A3DD40345.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1E9BB50A3DD40345.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1a7c516369ae0ac622a909df65b8e436`
SHA1	`5c767d4d16cde1f212f1cec44133154b61cc9faa`
SHA256	`eb91310a8a66f3a4aef838c475cbe2ee95b61c5328a6c766744c5530941af7b9`
CRC32	`DF64C08E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ff3e2247ef515cde_~DF91D4B37BF5761C45.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF91D4B37BF5761C45.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fee2f0aca6b916fa33a459fa4c45f37c`
SHA1	`2211bd5818758095e74a9c887131ae97d82b26fd`
SHA256	`ff3e2247ef515cdee6b889eb303d02eae1264fc2fcb468051b7f6d56f6b3bcfc`
CRC32	`7312F3DE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9ee4e288fd005e8e_~DF34FF320FA8AF3D18.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF34FF320FA8AF3D18.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`be7c5f8655c9d398102da97951a7b816`
SHA1	`41cbfef1a66a3ea2daacfa3339defe1008f31e85`
SHA256	`9ee4e288fd005e8e393de6dcd25490ac8078ab4e831bb78c3bfc1e7edd6afb3e`
CRC32	`87871BBD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7f4b23cffe604211_backup.exe
Filepath	C:\Users\Public\Music\Sample Music\backup.exe
Size	40.4KB
Processes	10192 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`9009d274a3e1b0e0de4e31d430f2e289`
SHA1	`729d4f7df1024d5069fdb4cd0a0979e01146b223`
SHA256	`7f4b23cffe60421183f5a88ca240ac1cba74a2799ce0fc04e75ee431b0f11be9`
CRC32	`72BBFD89`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23fb33da4bb5a7d1_~DF16E70F1CC75AF508.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF16E70F1CC75AF508.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6da4a5953d7127abac585452f1ac7ec9`
SHA1	`780ac4ab3537d2e30ed7092b2a453773b52cd4fa`
SHA256	`23fb33da4bb5a7d17d6503c3654558661b271aec224aa142b03b82aaadb90839`
CRC32	`EF73C977`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a004aaab4bae6b0a_~DF0C01F2B716291476.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0C01F2B716291476.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`aa8bd6e58e65f54cabf92a8537d6b304`
SHA1	`f6e4b9845388d2d9492935972d86b5fad04f8a28`
SHA256	`a004aaab4bae6b0a7aa8e71585bf0d99f4b47c623c9f70d4ded71451e31a6581`
CRC32	`EB47D64C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c053389839ac26f_~DF4A124146C809C7C5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF4A124146C809C7C5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`f835470b090ca7b009d7fd24e1212dae`
SHA1	`fcf1256d9249c86212be2739221452af62ac062a`
SHA256	`6c053389839ac26ff5cd090167ddba03e3441765807ad462c01d808e0f5ae303`
CRC32	`A88F3FD8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9727057b3c9de733_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`67f8896fbdf3aa3fb5c2e626b1548f50`
SHA1	`dd25d5f3291aae712b6303de2248ead0a2038b1e`
SHA256	`9727057b3c9de733f2d50f08073a72adecd265cca1d42008a94ffaa8cc751a62`
CRC32	`02A87066`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f945e25027a03f47_~DFFBE1B3168F13144B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFBE1B3168F13144B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e05bdd3cbb9daf93fa7fdddd7240a926`
SHA1	`ff1e2de0bf0af5cfcb5e596decd50ee9b9672a96`
SHA256	`f945e25027a03f471ccca2f90bbf50e436cb8db251fabf714159ac6de7953bc8`
CRC32	`FD78A06A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6e6ecdc4a8d68583_~DF3E57917F6C5E4A27.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3E57917F6C5E4A27.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`feb5f5c86142c6c1b1dcf6526e622100`
SHA1	`52f1617efed0c703ba9c70fb98bd87d042a221ce`
SHA256	`6e6ecdc4a8d685837e4c96ddd128274439dfe87c16354f6c1d658f719a8dd9a9`
CRC32	`0DA3312C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	edeaa469130ce410_~DFC0EFF0DBA30B6552.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC0EFF0DBA30B6552.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7758e937773b9103b34bc11329911896`
SHA1	`7996e771627b2741bdf119d08ccb3e4c5141b6b0`
SHA256	`edeaa469130ce410ae18313fd7c4254990f75d34a62d7a04692e3b25ef529584`
CRC32	`347AEC60`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a17f59b8ab06f856_~DF5C236718EDEA20C7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5C236718EDEA20C7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b24581a42e0742e458dfc8ae764a44df`
SHA1	`8e8ad2b85ad6b2c7acf6e3d9e422a22448378cb6`
SHA256	`a17f59b8ab06f856fa650a7c9dd7e2f1d4fa960272c6584a7fcb68492915d988`
CRC32	`92143902`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	86a9fdc449070d2f_~DFE997F2E21FE2D624.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE997F2E21FE2D624.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bb5319147aa9c8379d43ad8c4314ced6`
SHA1	`828b8f569345ae1bef05b1edc0d0275612fd8385`
SHA256	`86a9fdc449070d2f071a50971b04c7f831f2fa6c51a53781295cca61ae885e4b`
CRC32	`2DB0AD5D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b3592cd2cbce4494_~DFF82690FAAE695F14.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF82690FAAE695F14.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e02ea9ff159e2a8a44aa1999d01ddf25`
SHA1	`d9f288bff6010af460db1fb8b8bab537af715b2d`
SHA256	`b3592cd2cbce44944809be1c73fcde660246bce87658b574a7b1ae0aef66ccc5`
CRC32	`2C544305`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	da2e7a959710955c_temp.zip
Filepath	C:\Users\Administrator\AppData\Local\Temp\temp.zip
Size	22.9KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	Zip archive data, at least v2.0 to extract, compression method=deflate
MD5	`c99c4fa4acc642712926494bb6feb31a`
SHA1	`5c8d2d63902239cb078c1caa5508d3150afa3f05`
SHA256	`da2e7a959710955c36af3f2929b71690e6c894a678e0b98d193f5f4671c3f7ec`
CRC32	`EE9663F0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e463c2cf6d983b6e_~DF7C0BD9FDCAAC42B4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7C0BD9FDCAAC42B4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`82c29a6ccacbfe89e29d1b4e95288d91`
SHA1	`5b7cf3ef6c294a03e0529794c263e7641dff0aa5`
SHA256	`e463c2cf6d983b6ef714a50cfea5c938a56a0428e2a7d23ab6ff0bd59ddebd7e`
CRC32	`6642085B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd99516146624a00_~DFA6C95BD2C49A4100.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA6C95BD2C49A4100.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`40631109e35cd8afe7f87df3131bed67`
SHA1	`ead6e40ef648aa00b000760b9af2905cc300f449`
SHA256	`bd99516146624a00a0e8065ea28fbb0054dc5792e5f5a45a80046e295597a3bc`
CRC32	`7761F6CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3d810d0351fea1b7_~DF2A99727F5F97CFF9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2A99727F5F97CFF9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8456cf742528cb380aefe0a58a017777`
SHA1	`454df567a63aa1f2bc4567807a38a1876fc1a17c`
SHA256	`3d810d0351fea1b756c85b9f456f5d763bdfa9ee56e7b3fb3950efcfb1a0f250`
CRC32	`4BF14664`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1bfc94e5350ed709_backup.exe
Filepath	C:\Python27\tcl\tk8.5\demos\backup.exe
Size	40.4KB
Processes	11776 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`fae2d14bc51f4d23a51a6e2415b89d32`
SHA1	`ce895d671b0d66ea2f5e095732e0b6e7b5af8e38`
SHA256	`1bfc94e5350ed70913c04cd650c9c327bc20e0635027665c6eae7ab7b12818b2`
CRC32	`B920000A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	92d849c7d328a929_~DF7B2104FA9333D55B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7B2104FA9333D55B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d47467325768a477472ce62786ad7838`
SHA1	`eefda756de5ad677aa7b6a7cdafe5d69dff68b03`
SHA256	`92d849c7d328a9298625cb9e3345300539e4401f7c760d8bddda344384584543`
CRC32	`4FFE98A3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3c0839d862df9a82_~DF3EC17B3B3182DB98.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF3EC17B3B3182DB98.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`95a4cdc16108189794cccf9141938986`
SHA1	`2cf38b1c01d7c3d17701b7fffca511ffd1242e16`
SHA256	`3c0839d862df9a82dbc05a74f73514870bbfff2cb89dc9b873bb358332ecc9a0`
CRC32	`2FF84492`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0da251e8df9e4a86_~DF2EFAAFC62E2F200A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2EFAAFC62E2F200A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`57b9cf9b8c504ff29a2366a2d5a9a33a`
SHA1	`abe35e8cdba13100f0ef5d4f867216de9cbfefc7`
SHA256	`0da251e8df9e4a86cf4e118f1f1b8f7a47038c15a29b153d0ffa3ce47530401e`
CRC32	`073CDA38`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9f9803ff086dfb3e_backup.exe
Filepath	C:\Program Files (x86)\360\360DrvMgr\config\skin\tools\backup.exe
Size	40.4KB
Processes	4444 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c7170726d407d1d293632d7b9f24816e`
SHA1	`d03e88c2bb23ef80b1bacf96347d2c996e8320dd`
SHA256	`9f9803ff086dfb3edc349f9816c7734891dce3019bb31906569be8f456a60b2c`
CRC32	`9E8C9219`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	799b97d55de0d975_~DFB3A803C3D4F5D146.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB3A803C3D4F5D146.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d3bc8628eece75ab17c141abde165063`
SHA1	`73e5de0341a08394ea6fe3a4acdd2ca234eb2bc0`
SHA256	`799b97d55de0d975b13881ec9d85bb2a6d34cdfdc9f3717fd1d9f180012dceaf`
CRC32	`188ED5A3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	065866d860687911_~DF5D8750EEC2CC31EF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5D8750EEC2CC31EF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b4dcfc450be8da75550e394dd46a0a83`
SHA1	`0ad8a6ac76fa0c752417f2bad62e75d716e4bf08`
SHA256	`065866d86068791176f5931de304d0c472da2b41e3576c4eb57c6ebb135fd4d8`
CRC32	`93090332`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	457d36033aa19c49_~DFBCB5D1EB331276D9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBCB5D1EB331276D9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`57fdbaff12672605f2fcb2279b9e2e8e`
SHA1	`7b11b7c7631e2a8d36be749cccf50f2addafc16d`
SHA256	`457d36033aa19c492255c328c3c9b9e55e737fc3c4eac3679c57d1ef2b92c754`
CRC32	`4FD3BA81`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ff80102d846a8009_~DFCE57BB585820C0E5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCE57BB585820C0E5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`946c6aa66dbe4758371cc1e4f76ac76c`
SHA1	`162a3ff64a28e447483e53686f47927df83ebb17`
SHA256	`ff80102d846a80093922ac320a49b006231952ea594efafde511dc3ae0147c27`
CRC32	`CE6E8FDF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	dd0a39df9111c55a_~DFF9FF8B3BF04329A1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF9FF8B3BF04329A1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`82c9d366f4b03af66a0bceafa7b2a95b`
SHA1	`890dcbf76d1cbeb7df1eaf5516548c665ebd1855`
SHA256	`dd0a39df9111c55a75b8a2befc0de5173662b4cdf04cbc8e5146c76acc9b40d2`
CRC32	`DA4ACC2A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bfcf5ea19c265c24_~DFF87B30229A96F7A8.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF87B30229A96F7A8.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9238302095a44f9ad85d29fb971e306d`
SHA1	`231c3c85b221a10333a12fddacebf2326dfb2516`
SHA256	`bfcf5ea19c265c24541b860c4aa35c340ae4f45449b192938c66f1b5c38f495b`
CRC32	`59606024`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	973f2fe33d1e90d9_~DF538B0F9DAE98D9B4.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF538B0F9DAE98D9B4.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6eafab105d85800550f9c06153aab788`
SHA1	`2dc6b9e048e5e2d5179311d838860d0166ce4c84`
SHA256	`973f2fe33d1e90d93fa3082af80e4948449b36d3747fd6a38cc64cbe9e70f1b3`
CRC32	`ACEB504C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	af53f09bf0f31378_~DFB96C11120EB683B1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB96C11120EB683B1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4011d7c41f21d05869bf9a6a9589c2d1`
SHA1	`8f080608e5f86cf64bcedd724ed5388e45c1bba9`
SHA256	`af53f09bf0f31378e25b11f8c5650d1484141c97632e4f6908f50c13ec6077a4`
CRC32	`B7519195`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	bd666b593ebf0077_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe
Size	40.4KB
Processes	9188 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d0bb27adce79ea029d8428ad617964de`
SHA1	`87e8cbd2eadfd369e6b403fa1c2a5de72b27bc28`
SHA256	`bd666b593ebf0077b6ef0acc98103e3ed0a486edc75b4b96d97c99030da331a4`
CRC32	`54B74F16`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	723e0f9678877696_~DFAF18F99C13A51D57.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFAF18F99C13A51D57.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0067c6eb6759326aa15e720b667ab5a4`
SHA1	`bbcb81788f31e7a08e504dc556b12ab719999efa`
SHA256	`723e0f9678877696fab3ac4585e18c19a70e8abc2be04b32243c4a22a7d43875`
CRC32	`99260EBA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	145f4371ec4bddb0_~DF87257C5725D25E91.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF87257C5725D25E91.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6d0030da2fd07743561f5626b99d125f`
SHA1	`4cde73d2f47a1cdcd5078d55c05608d0c17e9a41`
SHA256	`145f4371ec4bddb05bf2710de3311956dbed83235f9ccf608bcf9922c3f99992`
CRC32	`B163C421`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9961594c1f9cc00a_~DFE4FC0EDBE234CBA1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE4FC0EDBE234CBA1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`32e65b24f1d27b9e856e18bd8255cbdb`
SHA1	`b67c0e9bea10eed30a6b20d83c0bc0cc8d3ca1a7`
SHA256	`9961594c1f9cc00a2e976ecc7d80690b612d13ad9733a5053ea4b52c88444929`
CRC32	`9157CAD1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ea0faedcc45b2178_~DF35744160C29799DE.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF35744160C29799DE.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`dff674647d341bdc56a08c29cb26ce64`
SHA1	`d708757196acf9dd6cba4c68fc1af86c5d58f66e`
SHA256	`ea0faedcc45b2178b4d735a16bb17e0d6133daf5e617d1815aaf1c8b89ad9c95`
CRC32	`B9E02D13`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	866bb44ff31d814e_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	12872 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b47e8e053cb88aa7d9003ee7de7cccc0`
SHA1	`e3218e380c81c97ee6d0c08886af0acb259766e0`
SHA256	`866bb44ff31d814effb74133771c3462da8504cc0319b21b65016362bded5c27`
CRC32	`39088EF1`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e0465aee9b9048aa_~DF40A06B5813DAC865.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF40A06B5813DAC865.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`665a276bad86370adc9116e4624fac96`
SHA1	`2dd261adc562fb6577f30f7d243253d37b7a4745`
SHA256	`e0465aee9b9048aa788d06d6693bdcfb6305717a5b6f4bb21f07d362fc64b3eb`
CRC32	`E680AEF5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	28de5e58afdaded3_data.exe
Filepath	C:\Python27\Lib\sqlite3\data.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b0020348c0a7639a89f06ef5e9522532`
SHA1	`75011a6a5e43ed82783c42187a7b96016fe7cec6`
SHA256	`28de5e58afdaded3df5f6de7cf7339e7d104532eb6064268c93b58ebd30e1fb4`
CRC32	`FE732409`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e29271b94bfe363d_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{5612CBE7-9CDF-4014-9454-1A3AE75C0CEE}.tmp\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`78aaadc7cf1e289b1675eda711b51e34`
SHA1	`d7b7e13e0d33cf017b0a1bb6420be484d8600c62`
SHA256	`e29271b94bfe363d0369ec3a92360d501ccfd14282f12c98371f1fd4596dedca`
CRC32	`413C037E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1782cedbfacbb954_~DFFF4D1EADBD565E65.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFF4D1EADBD565E65.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`efe6847afe38acbf0d4298418c3d0fe8`
SHA1	`ba7c474242dfd758303bd96eec6e522f9237b769`
SHA256	`1782cedbfacbb954690e1e7b1242ca512169dfe9916308f3dd772d8dcdc270d3`
CRC32	`EC0C501A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1c00435984b62081_~DF68277D8302B16551.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF68277D8302B16551.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e2a34f768fcc1a4eeb646c90a07492c9`
SHA1	`e0d918334a8b92bddec19940a4dd04289ab90dc2`
SHA256	`1c00435984b620818ba1dae4c8d2989b73efcd025023c3970c1590615ec9484a`
CRC32	`6C929ED9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a17f59b8ab06f856_~DFA2DCA502F65E2A19.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA2DCA502F65E2A19.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b24581a42e0742e458dfc8ae764a44df`
SHA1	`8e8ad2b85ad6b2c7acf6e3d9e422a22448378cb6`
SHA256	`a17f59b8ab06f856fa650a7c9dd7e2f1d4fa960272c6584a7fcb68492915d988`
CRC32	`92143902`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9ee4e288fd005e8e_~DF95141E06C326B5F2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF95141E06C326B5F2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`be7c5f8655c9d398102da97951a7b816`
SHA1	`41cbfef1a66a3ea2daacfa3339defe1008f31e85`
SHA256	`9ee4e288fd005e8e393de6dcd25490ac8078ab4e831bb78c3bfc1e7edd6afb3e`
CRC32	`87871BBD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	121da31e7bce0e4d_~DFE8DA89E4062A214D.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE8DA89E4062A214D.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`15f51078b41c8cd10b57a17e384bdce0`
SHA1	`e56b067c998c397e2e499bd856856fcb285b9bf2`
SHA256	`121da31e7bce0e4dcc61d43f4fad90467de4f66f4715c6c2b1c51ba8c158b015`
CRC32	`E5DE1C3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f3c934be6d411675_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\Setup\backup.exe
Size	40.4KB
Processes	5896 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c77d2a93d65b5700d4b9b74f3f678faa`
SHA1	`28f1212e8dbf4dee5806d5035cc40d98761a1282`
SHA256	`f3c934be6d4116756a6bca9a47576cd9696f20f4aaefb555318e5b729d8e0401`
CRC32	`766366B8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7262788419b4c2a6_~DFE3C0F900A84CE32B.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE3C0F900A84CE32B.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4395d6fa4f73f38604be139f5ad2b4ca`
SHA1	`725075026323f18f44fa41236b00863f5a303c0b`
SHA256	`7262788419b4c2a6f16ed7736f2bf19e6a609e9beb99c2f89c43c92fe7d2b385`
CRC32	`A91E03DB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b7dbbb8a58923898_~DFF8336CDFA396A735.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF8336CDFA396A735.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e5ffe05af3e45ddefd682ee12f910824`
SHA1	`62b1e5bbd57f18e730a7b685ddef99f0fda2ac0b`
SHA256	`b7dbbb8a589238980e1b93ac91ab60de4f437a2bf53733f943f4ccef4e7de38a`
CRC32	`78D00C43`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	512ae18548bfdd2e_~DFBD6F1F3728AF1BA6.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFBD6F1F3728AF1BA6.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d621a374fe6ffb919434d2480d2fa780`
SHA1	`ce81bffee9e96e2c76a105cf921d04ca40ecea56`
SHA256	`512ae18548bfdd2e68c40dff6c349331f2c5b856e3f7260b38476dad6caa68be`
CRC32	`9E0F0E94`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	251d6dbe6d7c0df3_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\zh-CN\css\backup.exe
Size	40.4KB
Processes	12984 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7edb4294242a5451d89c0318a9e15b52`
SHA1	`b08a0be1041b45400e55959c4c5cfae676d4a486`
SHA256	`251d6dbe6d7c0df3a21e9e29afb6260a07daa88d0eef7032cd563ddee9c1a132`
CRC32	`FE1DC36E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c95fdb4656bfa29_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{980860C8-10E9-4f55-B732-3966ED9751FE}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`6725beb40f39c1c62b1fc5ea1832ac24`
SHA1	`889ab83ece5e9d69e89d4d2890621e698d000976`
SHA256	`6c95fdb4656bfa29f63e6a450964a49a353bd8122d65cf30f124d0cd4fa828ef`
CRC32	`F037EA5A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2e59ba717f6fd745_system restore.exe
Filepath	C:\Windows\System Restore.exe
Size	40.4KB
Processes	1836 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`0ca7cddea3748f671bb3c67ee02cf0ad`
SHA1	`e8dd67b32cf10c698056d04df9d4cc26140d4dd8`
SHA256	`2e59ba717f6fd745497f5c07d724a4d643803d46d2abff0ed78e0bebe0c94483`
CRC32	`15A90717`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3473e6cc3b00ec0b_~DFC349170AC98B8020.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFC349170AC98B8020.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`54c6b6865d6ea83e86e070846770b267`
SHA1	`a3e72e8606a7e2cd3f5fb601562fc80bada7b69c`
SHA256	`3473e6cc3b00ec0b82e1382dec2031bf7aa16e0dccc7973fbab6a85eb38b395b`
CRC32	`B7D6B3EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f8ec27878657e25_~DF31B3E605BF734373.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF31B3E605BF734373.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1fa05af5db4780a8cfdd1dddc8d1e1d8`
SHA1	`a6be8d7502c8d41c75f2d80156020b9298923e65`
SHA256	`2f8ec27878657e25b316bc67059987714f9da5b38d03adc0710049f34ef7c90b`
CRC32	`933C7640`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b5f980df8871b956_backup.exe
Filepath	C:\Program Files\Windows Sidebar\zh-CN\backup.exe
Size	40.4KB
Processes	8760 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`7e75d8a8cb2fcbbc9c68fdde09cdfef3`
SHA1	`5064ade05305a3b1fc574696da87e7687ac302dc`
SHA256	`b5f980df8871b956e0cf8607b930b45ca8388421c4d9d1388b3d3dc00750a37a`
CRC32	`5169F63C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c1e7f043da52036a_backup.exe
Filepath	C:\Program Files\Windows NT\TableTextService\en-US\backup.exe
Size	40.4KB
Processes	7340 (backup.exe) 8144 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3ad3e9b681527582f930d04868559b1b`
SHA1	`3fcad786c1bde9263d51cd6c7b1262d09b784eb7`
SHA256	`c1e7f043da52036a99b9ca952c16384f87e9e7a0dd7d79e1c52eb0e9250d7d01`
CRC32	`75377F5A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90466b9fe8fe3b6f_~DFE24786C5F63FDAF1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE24786C5F63FDAF1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bdd10c7a98e1a980de323aca85ccc08a`
SHA1	`88a842ddba098dd84f7ee8cf6d90cb58527343e5`
SHA256	`90466b9fe8fe3b6f4ca4d0d90f3041633300fba12006c3a64a8b3495de7d8ad1`
CRC32	`416A6AF2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	27ab948cb3d3d0a9_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\{97967038-950B-4637-A08D-2CF414643DC5}\backup.exe
Size	40.4KB
Processes	3028 (0264491e54f2fe8b4c2522d6e0fa56b7f1252238b964590cae1bf54bd8ad1bdd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c9c7bb45256f307811ea5ed8d42a38df`
SHA1	`3848bbf2951f6f2312a6ab65135854eadaedbff7`
SHA256	`27ab948cb3d3d0a9ecc969e48fe042698c4dbac2e53575617431b4e2788ff55e`
CRC32	`693EBBE0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	81079d27ce47e81e_~DF8AB9D2B16133F7D3.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8AB9D2B16133F7D3.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5eeee651ad0478ca27727563876b1ddd`
SHA1	`34486c019a8d5a41e1d5ad6bb95c75706cb6303a`
SHA256	`81079d27ce47e81ef20c2356f41d528f7c7d669cd577f408848c1a4f32b44893`
CRC32	`F6CC261D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	6c355927691cfc8d_~DF6A8DAE37A9D0DAA1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6A8DAE37A9D0DAA1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1afa5f3e1fb8c6d2bcd59526c7002e70`
SHA1	`69e633ed5770ff8e7d5745242c671d3fda8ea763`
SHA256	`6c355927691cfc8ddd2d53cadd432df067c723a3a124fd710e230f6ec9bc904f`
CRC32	`92C15FC5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ffb3c6d777f0b302_~DF0ECF0FFE8032F0F5.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0ECF0FFE8032F0F5.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8fcdadcc5cbed097e1cfc23cd7e0eeb1`
SHA1	`d7cb935395f1cdbccf948f2c310015fcb29bbc76`
SHA256	`ffb3c6d777f0b302940536cc7ecb9f205b4839ac75f21dcd7612a3218661335c`
CRC32	`5F02282D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b9ebf5f9b8e4aeba_~DF1389FED59EA98709.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1389FED59EA98709.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1b0512151fa89c33236334e6f1cdc0e2`
SHA1	`c523ea5f774519ca9ebcf5b9ca9e47e326596805`
SHA256	`b9ebf5f9b8e4aeba1f6b31a3135df1d8ded333c4384624ebea9a5568a1a3e913`
CRC32	`F0014227`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c33f1da43baff4d2_~DF8B6A8ADA01D1225A.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8B6A8ADA01D1225A.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`060c65ad880dba3038cf4bba06edd4a8`
SHA1	`7f576909979f8ae731f53c6c200deea2e2f20033`
SHA256	`c33f1da43baff4d24f2ada9837cf87dbd610e4598e1d8adfb313601bb2528893`
CRC32	`D568DA9B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e51e9db114cac571_~DF554D1A8AB9A4E5AB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF554D1A8AB9A4E5AB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`abb9b0f4c871973f0821e9668e3cdab4`
SHA1	`56a4d7af05e99a641b2679e0222663dda964d1ce`
SHA256	`e51e9db114cac571c96bd38c2600146358e952708954dd65ea2a8f6d75f38a79`
CRC32	`BFC9AF9A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2fb95338fdfb9cbc_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\webencodings\backup.exe
Size	40.4KB
Processes	12372 (backup.exe) 9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`50c2a20690b673e07e17a81ea977e205`
SHA1	`04fb480f3b543787ecf80ed4b721210373567743`
SHA256	`2fb95338fdfb9cbc3d2ac2473a4832121bac390d35f9ad4cfa657c408cb1600d`
CRC32	`B2D2569D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c675a437428124dd_~DF0F636DF31320123C.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF0F636DF31320123C.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7f3478529aa07b627ceb76cc79dd57d0`
SHA1	`b0ce8d80902a440db936ae334588a9e38120206c`
SHA256	`c675a437428124dd60d2ddb473bf553419ab7ad7a91879e8fb597482b1390d58`
CRC32	`E1B8D0CE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a2061e5c8456ee84_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	13540 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2a28912add482f636a5afb18a16deb0a`
SHA1	`01141843013251cd1799771185ccd560cb99acd1`
SHA256	`a2061e5c8456ee8403c628f70b04fcd695f34c11a224548c6ca3993a529caafb`
CRC32	`30127795`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0b26c313c36ac60c_~DFA1C6708B71515D55.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFA1C6708B71515D55.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d8e1bd54dca3b284285d433313b23b24`
SHA1	`c39ae96d78c519c39085d4b31c1ff308145286c9`
SHA256	`0b26c313c36ac60c0242fcc283296dbc12e0dd094c997c19260b03edd4d63e19`
CRC32	`30DED183`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d49d5e4bd2eb6db1_backup.exe
Filepath	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe
Size	40.4KB
Processes	6016 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4f74881dd1a0f0912842e0ce7970b403`
SHA1	`9ef37019cab999befbb4d601ade1142c20f6dc5c`
SHA256	`d49d5e4bd2eb6db1b21b9791f4feb7d81550751706b8b4e32e0d96fd0750e18e`
CRC32	`524EE4A8`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d5c5a5ff481785c_backup.exe
Filepath	C:\Windows\AppPatch\backup.exe
Size	40.4KB
Processes	9424 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4af846056b63c1529d406baca65b07be`
SHA1	`44d668cd933c8c4d0737f5385b7b6ad124e2a3f1`
SHA256	`0d5c5a5ff481785c579ca4b57ec62e3ba1642d16b929ace0741e4f5e27ca9a18`
CRC32	`4A810BF2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d0230e505b15a1e0_~DF6C31032D8BBF42CB.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF6C31032D8BBF42CB.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2ddbc93c7c05ebdff49b9486d4e6eaa9`
SHA1	`dbe2a1d14964938c139da744925a7e31e4c95dfc`
SHA256	`d0230e505b15a1e0771c29ce88d93c5b671274c5bbd87ade935f00a6cd5d2e68`
CRC32	`7455AA66`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	123af52ff2bb0c06_~DF135FA63AFA9FA808.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF135FA63AFA9FA808.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d47c4ed23d5ccfaff9c27c3f7806e496`
SHA1	`6f32358a21eb0729257fdbaf093241b5044866c4`
SHA256	`123af52ff2bb0c068add59a8f91791bfaba78c2674e3d85bcd7ddb09edfb1e23`
CRC32	`ED7E95E5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	438a48638c881d53_~DF36C088E7DE7A3EB7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF36C088E7DE7A3EB7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`133483f437eb95428e7f346271064c47`
SHA1	`d1e1e2e084c9e29ef7d96266470cac16f7c0b69a`
SHA256	`438a48638c881d5374022bbff51b5c91def2118bc26020ee20b417a6e80fb9eb`
CRC32	`CF468138`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	cd40da24b8e84138_~DF5940175A283168DF.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5940175A283168DF.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9345c1cdbcb6b538cab780a6dc2d992f`
SHA1	`11f3c064ff2009332094ae4849b26140b65a88d1`
SHA256	`cd40da24b8e84138564431abd84a837e212d4dee9dd4583051304d9854429857`
CRC32	`0351A62B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	23fb33da4bb5a7d1_~DF2AC92590738A3B65.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2AC92590738A3B65.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6da4a5953d7127abac585452f1ac7ec9`
SHA1	`780ac4ab3537d2e30ed7092b2a453773b52cd4fa`
SHA256	`23fb33da4bb5a7d17d6503c3654558661b271aec224aa142b03b82aaadb90839`
CRC32	`EF73C977`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	38dc97428d611130_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\backup.exe
Size	40.4KB
Processes	12092 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`155227a58a3ed4de3226df25774ce491`
SHA1	`1c5475573d4e80b92fa78c3cc1bde66d699b7e46`
SHA256	`38dc97428d6111309fc86433e1c38391d599c5ebbf7545cf4982087e737b6276`
CRC32	`461FF4BE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f36e1b0014b3b436_~DF2A72C83F9FE9B134.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF2A72C83F9FE9B134.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`19e39a5dae1b96b21d7fd7477f1eedc6`
SHA1	`922951ac2e540c8769037a6418cd04215dfe8639`
SHA256	`f36e1b0014b3b436ed8e0c85fd4e3bd96b70bdee38fc877fd9296244963cfd2d`
CRC32	`11C2AA49`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	78ff703ac20bf591_backup.exe
Filepath	C:\Python27\tcl\tk8.5\demos\images\backup.exe
Size	40.4KB
Processes	12112 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`5ef7654ec0fab5be5e57ecacfdd6a1a5`
SHA1	`b6a66246531cd4b04bb1cdd97126db45e7c3f561`
SHA256	`78ff703ac20bf591734a9c4c94cb5ee190a281f4e6a7f01a658ef4c37fa4e608`
CRC32	`3F88028B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	62e42e13845bccc7_~DFFD9E3F024E0BCDDC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFD9E3F024E0BCDDC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`47a31a1ba2cce5672d322c8d21ad753a`
SHA1	`296b7e59bab13796348fb42f0c61d59423c429c8`
SHA256	`62e42e13845bccc7eb0b16ecd0cf9afd145990ad0a0c6357ed3640d5f6d22d92`
CRC32	`C921CE62`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e2756091c0360e64_~DFEBB9D413DD9520B9.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEBB9D413DD9520B9.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`aa52a9d437d484083fd4eaff916fc500`
SHA1	`3d036d8c23628c6b93f7fa0335e25c903ea4e570`
SHA256	`e2756091c0360e64570f0f791478337444746394976be707ff807eb6c3826897`
CRC32	`27FCE2CB`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0adba3ae451b2075_~DFCE2E7D6AEA21F249.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCE2E7D6AEA21F249.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`92ecbc36f12d9860446a5809206f5e6e`
SHA1	`d036a9833b202d81acfae62f12e3c3e20485e17a`
SHA256	`0adba3ae451b207581a1df8736e60c052ce159fd2e6474b9271c3de35115270a`
CRC32	`29D87B48`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	aaded1bfd236451b_~DF17E69BC43D76A771.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF17E69BC43D76A771.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8a9c3dd6b8d2a6cb0831c74ef05046bd`
SHA1	`ec50e545b30fd9306bdc9ed126de4fa58d1aa0dc`
SHA256	`aaded1bfd236451bb80df5b4a42aa677125e6befd03fc5830b77115eaec537e4`
CRC32	`BE30573B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d46b9b6422987101_backup.exe
Filepath	C:\Python27\Lib\logging\backup.exe
Size	40.4KB
Processes	5212 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`712900b6e216ed830f490995853818f5`
SHA1	`444096be089c1712434c0741ca5758f63374adf6`
SHA256	`d46b9b6422987101e09dbf25d710fdff2bdb701124be139eeb3606ac477ada8d`
CRC32	`E4A9F074`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e345259896644464_~DF8B6201C7336D88CC.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF8B6201C7336D88CC.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`054780d09d41f64c4d4c650e30098d1d`
SHA1	`90575f4d2c157ad30bf90e3765cad0eb5c1a1cdd`
SHA256	`e3452598966444643487ca5ba7b7695f35dfb0c969a25a229b79eba990d2bb48`
CRC32	`9A7EA34A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	21df8f94a4a8fcf2_backup.exe
Filepath	C:\Program Files (x86)\Windows Defender\backup.exe
Size	40.4KB
Processes	3820 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d9f09d0f2d73332beb9bb1e956ba6da7`
SHA1	`d6eb0318aa5a2b71de790e652f6dcc565a202200`
SHA256	`21df8f94a4a8fcf2e88995e7134c39ae9c7723558538906a93e50147f031b8e8`
CRC32	`F8CDE83B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	753d4cc86486829c_data.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\data.exe
Size	40.4KB
Processes	11872 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4660dce591ed65538c873e351d9e5588`
SHA1	`cd9c245b04aa8be116d715ff5790c796e6c84c35`
SHA256	`753d4cc86486829c10d329458002bba5a41ed068514ef102fbd160a05388aa5b`
CRC32	`C6DC548A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	1cbfc87533b34ebc_~DFF85B1A27E05301BD.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFF85B1A27E05301BD.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`427fa6669881ed05d4b49b1d875c6689`
SHA1	`5dd8b22230b2d04fe59ac562fa3053631d5d58c3`
SHA256	`1cbfc87533b34ebca79cb07712c3a1000e57d64cb0aceb6ac31f085cfeea8fef`
CRC32	`86598082`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9033d71d72f03709_backup.exe
Filepath	C:\Python27\tcl\reg1.2\backup.exe
Size	40.4KB
Processes	7400 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`bb5e0a1d834d417fa099a2f62d066d00`
SHA1	`e11e3ebfab354ba556a6a60ad500904e6f19a0f7`
SHA256	`9033d71d72f037095ea7ba222bdca770b0d4db543172e2fff19219723c15d7da`
CRC32	`C284ABBD`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f1c22bbb8739bed3_~DF1C33ECF7784C096F.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1C33ECF7784C096F.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fc0e6385948c00d196d724576a82bcc8`
SHA1	`9a73919a0fa9ac9f5a1e7f9d9c7914f7828595f3`
SHA256	`f1c22bbb8739bed3aa63b69e03bf24f2019b118e4a87df5ff3a4c7fc8cbcb296`
CRC32	`55EF63EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0822d0cc762def16_~DFDE14ADE3F498B0F1.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFDE14ADE3F498B0F1.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7d0ede4b766aa65a8c97b042e539c88d`
SHA1	`c6abe35d95a8267c17233f6d81b712f22401f8d4`
SHA256	`0822d0cc762def166f01b70b32316d42fdfbd94ba3a53767430ffcf4c8434dbd`
CRC32	`4235F856`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	30f16d21444223c1_~DFCE9B760315D5024E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCE9B760315D5024E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9d9a243cc8f897ffb9f40557d2243804`
SHA1	`dabbc2defc1811d46b897330563137061f900700`
SHA256	`30f16d21444223c11d1fc692c4ef30d71b7f9479ac1d79ac6e8bbe12d66aaaf3`
CRC32	`7FFF1F45`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5f163d3601141f53_~DF58473DAB00ACEBE7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF58473DAB00ACEBE7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`adcf4fee2e728b8a8b9b73024aebd223`
SHA1	`9bebe7ec50e56e0612225d93cb3b3874cebc5853`
SHA256	`5f163d3601141f537667d8fd001c608b76bf4a0ddddf22c1c164f3bcd8215ae8`
CRC32	`75B5F3CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	8724437ecb14f700_~DFCC3C8BE8A666DF07.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCC3C8BE8A666DF07.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`17f9f423bf71e514d7dbe2680d5c1172`
SHA1	`89900828be6d53a101a3bb6bed06c91eed84ef0b`
SHA256	`8724437ecb14f7008844442bb5f279d82cf5e30cb60f5eff95fbb0bbb0509d69`
CRC32	`C0668364`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b2d9e977bd1981f5_backup.exe
Filepath	C:\exsrjwtsit\lib\backup.exe
Size	40.4KB
Processes	2080 (System Restore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`00c958bad86a9564ad395e73eb9c123f`
SHA1	`695b6934b5173ea7d710d4c1c22cced9612124be`
SHA256	`b2d9e977bd1981f51b3285c3a1ddb50a4697530ee9ded46820dff899bc314a06`
CRC32	`A6FE6161`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e8beac414f52f858_~DF01B65A285AF6E757.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF01B65A285AF6E757.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4af442f6cf3106f8d15c8070ffa5c483`
SHA1	`deef196a72574fcf0dd36f84da5ecda9ff2a9c19`
SHA256	`e8beac414f52f8583947e1cf36fa8420ade136d00a76b910817f19532715f517`
CRC32	`6E8C8404`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7cf8b5e110487634_backup.exe
Filepath	C:\Program Files\Windows Journal\backup.exe
Size	40.4KB
Processes	1404 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`ab32d374fc058db0e6c10c3a689bf8e4`
SHA1	`7fbd4d71bcdd63e0925dc481152c02bdf06f8947`
SHA256	`7cf8b5e110487634bf2d702521a1a6c64f5028c56962101048ca30944fc26d9a`
CRC32	`76D13600`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2f0bc960c2a4f4b7_~DF1978D31737201954.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF1978D31737201954.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`94045f2094e43c1719c20fd97321c607`
SHA1	`8505a27a7734972e264cc614aedb95fe3e3f720f`
SHA256	`2f0bc960c2a4f4b7b74b9411ca09c86bcbd1d822d53cd933e2e484e7c03a784d`
CRC32	`A7A46A61`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	d7f64ca726823cb1_~DF7FF866258CFF0877.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7FF866258CFF0877.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c99d8bfbe038d6ec9ae0f2d228553387`
SHA1	`758fd137d2b744d446055235dc0866a229eca010`
SHA256	`d7f64ca726823cb13dda23920ab92931bf998ef1691778acb5397cc1d3e45391`
CRC32	`A1FE44E0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3db9d559d2099db9_backup.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\backup.exe
Size	40.4KB
Processes	8936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`76b4b9208b3d359c9a6cf6391e49026d`
SHA1	`04013285abe06406b536f1153206547a45a8e015`
SHA256	`3db9d559d2099db95fe728a8543c8628ea136e18996f91b24f8b7ebe2b521fc5`
CRC32	`05C5B47F`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e87cf3c5aae9c09d_~DFE0E46AE049C57E23.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE0E46AE049C57E23.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5217fa8c87ab22972909ab7ccaf63f69`
SHA1	`9e01bce2a48f142967336c3eae99d2b822e11316`
SHA256	`e87cf3c5aae9c09d820df3666f1a8fbc28daf85007ce0fe5ee466a86a0432800`
CRC32	`637CBA3B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3b6f251705785148_system restore.exe
Filepath	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\System Restore.exe
Size	40.4KB
Processes	12560 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`51bbd8e7aed68e1c2064ced8cc80f090`
SHA1	`ab911635688532caa48e8405927727d039641c22`
SHA256	`3b6f251705785148320cdd369e8973ee4cc3cb6ab0708854210ac084cace5bcc`
CRC32	`5C51D15E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	ac900d01925326ac_backup.exe
Filepath	C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\backup.exe
Size	40.4KB
Processes	5568 (data.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`f7c4eaebabc7d83da66dfcbf676dabd7`
SHA1	`ddfe1f83746631465a315aeb20332f6ffd3c11c6`
SHA256	`ac900d01925326acbe5403bbcd0dc6686180f666b32c646dc9ec15634effb81e`
CRC32	`92AA065C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	56a355cd927b032f_~DFFB5AEC415D4E3892.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFB5AEC415D4E3892.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`730cd642f3a72d0dc62bf1e1ae40fad1`
SHA1	`58a4c284c542d6f09c29fd58475687ca83c72996`
SHA256	`56a355cd927b032f33de10b57424afaa112f3c936a1c0af94abe9bac59350a02`
CRC32	`0EB6114C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	b56a39683ffd0de5_~DF74BB2E4B33153879.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF74BB2E4B33153879.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8b0f61007e64949cfafbba814cbe9bd8`
SHA1	`b3557d6e089b515a5b464931b30dbcc65f9a04a5`
SHA256	`b56a39683ffd0de58c0ece167915d76e451421a237458573715443bb69ff07f0`
CRC32	`EB3EB2D2`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	0d646591389134a7_~DF036EEAFA857C5662.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF036EEAFA857C5662.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a05071638d8511d3b996914d3df56eec`
SHA1	`32eac1fbb2a3b75f7b821de0e499cee95a7d84fe`
SHA256	`0d646591389134a7d2286751e6d8eab7611e3b5f76da99ad9927e9f5adeb1f22`
CRC32	`CB32EB7C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	3c8d79461575de5f_~DF052BAEE36FFA1170.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF052BAEE36FFA1170.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0ece6634569872fdabc746e6cbd28ffe`
SHA1	`7f382e22d04db8834bd534263f0d98674af363fc`
SHA256	`3c8d79461575de5f371c0b05873c26c6405df0b17b4f133b5bcb60ad7dab3218`
CRC32	`47A1699E`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	762e730c1ea746d1_backup.exe
Filepath	C:\360Downloads\360驱动大师目录\backup.exe
Size	40.4KB
Processes	952 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`44b1c11d25caf38f2e7addce10cf8047`
SHA1	`5314c101b830b0811dde9a634af244e5eb96e2b0`
SHA256	`762e730c1ea746d198131186f56f1e6d327aaea0292a9fd7537e88817d3ffaf2`
CRC32	`4A1A0B5B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	baf6398de2828f2c_~DFE04DD2BF4A7A8147.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFE04DD2BF4A7A8147.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3d63014a3026c9c1d67abdc596468ca6`
SHA1	`5c338d77fe2e0f9e772e4e271101c97825184738`
SHA256	`baf6398de2828f2c414eb7a7b363a00f330c8fcc933aad7825574023d288e9e3`
CRC32	`763BA9D6`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	a755ad689bf73922_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_vendor\certifi\backup.exe
Size	40.4KB
Processes	9600 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`2891b28e303148bcc48176486f920490`
SHA1	`24a6195c6e187318251fe38ef8e086e85eb3fa13`
SHA256	`a755ad689bf7392277e21056ee295a24e01d3e029c1f98392864621b32b6788e`
CRC32	`BC09DEAF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	20cb6a1ae4a92c54_backup.exe
Filepath	C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\backup.exe
Size	40.4KB
Processes	5584 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`1fb9dfddec701894a2cb35dde3f0fe76`
SHA1	`87f435bae68a959dd90e04aa2a8cfa21d257fa07`
SHA256	`20cb6a1ae4a92c54bf08c5ff5fb70041ffc89eac3a564dc29211b49195df4c39`
CRC32	`CAA78CB5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	071a2b540a46194a_~DFFDF21306962E2DFA.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFFDF21306962E2DFA.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`21fefda7f23ffca87fd66e021d7087c4`
SHA1	`5d9c7542a10ae12b198861156f78928762ceb846`
SHA256	`071a2b540a46194a6b624b0d60b67cc17617bd5b112a6f005de75a0648273de9`
CRC32	`FFD707F5`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	f39d55ea266db900_~DFCCCEA6D94FE2C910.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFCCCEA6D94FE2C910.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9881a88e212aff8ae55549b1b6131ba3`
SHA1	`6c71b3793dff3699509b104b9f35c74767e1a096`
SHA256	`f39d55ea266db9008ea49c20142343b754133b07f7c07ec1b9f103ee862da713`
CRC32	`0D9351CF`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	9db519e20f4e7175_~DFB9180AD10F21D8A2.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFB9180AD10F21D8A2.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`0d0bce9c844d394ea1d0517cd1d31df6`
SHA1	`b8e8d8c14cd37f14910680d54aeca83d5caaade3`
SHA256	`9db519e20f4e71750d9c0ae7344927d4776c8d2612799d0c97cf06ce749e1ddb`
CRC32	`63B3E86D`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	c7d9226772117f00_~DF40458061A561533E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF40458061A561533E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`494a24ca32ced1c064029a002e05b2a0`
SHA1	`2b0c26b0eed5b3ac01942947e6f9383cd0cd4aaf`
SHA256	`c7d9226772117f007eef5855e61001588c7c25054b0cb2ece8a5753560308003`
CRC32	`80E264EC`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	690fc808c2339638_backup.exe
Filepath	C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\backup.exe
Size	40.4KB
Processes	10788 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`97199f53a6de91f9e42dbe96da0350b1`
SHA1	`91c759aa48dfc1c3ea96ecaf052d13e46624f461`
SHA256	`690fc808c2339638b8189287c358533f2e9eed342ce74a07acf71d17b0c512fd`
CRC32	`8AB9F68B`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	37a2b79a0f39f3c7_~DF728544B36059A99E.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF728544B36059A99E.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6dafa4778c2e5177cedbf590789745a2`
SHA1	`a8e26726254c3fd98664a62e08c890291fe65abf`
SHA256	`37a2b79a0f39f3c74e1f51bbbde3fbc6d45fb814e82ea7fa5e3677369dd48046`
CRC32	`1BEEAA58`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	733f713b78bc5bb2_~DF7CAF75C73C750408.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF7CAF75C73C750408.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bdabf7aabe45341894f2f4161a3c7301`
SHA1	`24cc57db01e5c45281361a2e6c1a677fd51dac40`
SHA256	`733f713b78bc5bb26a0d6cd427a4bcc3d325a1bf59cb0881f35f902e194ea73f`
CRC32	`9F5A8779`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	e852c0dd10546e06_backup.exe
Filepath	C:\Python27\Lib\lib2to3\tests\backup.exe
Size	40.4KB
Processes	7936 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`18ce12110880841df695fb3c69817494`
SHA1	`8ee4f0dcc73faa4060eaf6598954b69fd01fef4e`
SHA256	`e852c0dd10546e06d8703db92d702399ab9da41cde4a99f25ad43fa90bb781be`
CRC32	`B691BE4A`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	780723d83dad6cc9_~DFEAB831D0A4A77424.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DFEAB831D0A4A77424.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5c3c6a6046db912858a7c47553a4a26d`
SHA1	`c72f896db845eb636e840ed5489a8ca11e83f5e6`
SHA256	`780723d83dad6cc9804d6e0ab15b34903e9de9e9840a0c291f9e0ed8550c2ae4`
CRC32	`B190B1C0`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	5b87a87986af5231_backup.exe
Filepath	C:\Program Files\Common Files\Microsoft Shared\backup.exe
Size	40.4KB
Processes	816 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`c739f703f03c9f01023f0fae6d81936b`
SHA1	`fe0b99ef6506a3f7fe27d587725269bd625d9a9b`
SHA256	`5b87a87986af523153d9e1154e8074f8af7730aca699577a6176c64ede7fa7ff`
CRC32	`A57E9DEE`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	90be51f8688d6ad0_backup.exe
Filepath	C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\backup.exe
Size	40.4KB
Processes	8668 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`303dd6c7f41a0eca8ad333d19aec8511`
SHA1	`56202588986b5c35797eeafa7a3c4ab415942e6f`
SHA256	`90be51f8688d6ad076523c25c396b49788567f8451c04b97a6bd31313fcd74e2`
CRC32	`63242ADA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	2ebb19e3a05bc11a_backup.exe
Filepath	C:\Python27\Lib\site-packages\pip\_internal\cli\backup.exe
Size	40.4KB
Processes	8812 (backup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d9adec0da2a04f2260f9e1f87e705473`
SHA1	`15a519c80376e5dd2ec1c22346de2c6944be780f`
SHA256	`2ebb19e3a05bc11a88e0d423cd02938a1c71edad9f712844362bd25533c1d0cc`
CRC32	`AA4E3CB9`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Name	7c98c9572983e07d_~DF5BD0BDB2AFDC33A7.TMP
Filepath	C:\Users\Administrator\AppData\Local\Temp\~DF5BD0BDB2AFDC33A7.TMP
Size	23.5KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d9f4309b14c9edd91a71710109144888`
SHA1	`c114ef0e30fb03d5da372cbc5595a4d474f55c0f`
SHA256	`7c98c9572983e07d8ce2be15ffbf8e0a81b9fdba48c3a212fa9cfe0441b100d7`
CRC32	`D89A6CCA`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

cmdline	C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe C:\Program Files (x86)\Internet Explorer\SIGNUP\
cmdline	C:\Program Files\Internet Explorer\SIGNUP\backup.exe C:\Program Files\Internet Explorer\SIGNUP\
cmdline	C:\Program Files\Internet Explorer\backup.exe C:\Program Files\Internet Explorer\
cmdline	C:\Program Files (x86)\Internet Explorer\en-US\backup.exe C:\Program Files (x86)\Internet Explorer\en-US\
cmdline	C:\Program Files (x86)\Internet Explorer\backup.exe C:\Program Files (x86)\Internet Explorer\
cmdline	C:\Program Files\Internet Explorer\en-US\backup.exe C:\Program Files\Internet Explorer\en-US\
cmdline	C:\Program Files\Internet Explorer\zh-CN\backup.exe C:\Program Files\Internet Explorer\zh-CN\
cmdline	C:\Program Files (x86)\Internet Explorer\zh-CN\backup.exe C:\Program Files (x86)\Internet Explorer\zh-CN\

file	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\zh-CN\js\backup.exe
file	C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\360TptMon\data.exe
file	C:\Program Files\Windows Media Player\Network Sharing\backup.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe
file	C:\gcoxh\lib\core\backup.exe
file	C:\Program Files (x86)\Windows Media Player\Skins\backup.exe
file	C:\Program Files\Windows NT\TableTextService\en-US\backup.exe
file	C:\Python27\Lib\test\imghdrdata\backup.exe
file	C:\Python27\tcl\tk8.5\msgs\backup.exe
file	C:\gcoxh\modules\backup.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe
file	C:\Users\Administrator\Music\backup.exe
file	C:\Python27\Lib\site-packages\pip\_vendor\backup.exe
file	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\data.exe
file	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
file	C:\Users\Public\Recorded TV\Sample Media\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\{0D4F049D-B901-4409-85A1-7CB64F27B094}\backup.exe
file	C:\Program Files\Internet Explorer\zh-CN\backup.exe
file	C:\Program Files (x86)\360\360TptMon\config\newui\themes\default\Uninstall\backup.exe
file	C:\Python27\DLLs\backup.exe
file	C:\Python27\tcl\tcl8.5\tzdata\Chile\backup.exe
file	C:\Program Files (x86)\Mozilla Firefox\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\360TptMon\Themes\backup.exe
file	C:\Python27\Lib\site-packages\setuptools\extern\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\uRuOtPjJdDrTmWrG\backup.exe
file	C:\Users\tu\Desktop\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\nGtIbScZiToEmFmJ\backup.exe
file	C:\Python27\Lib\site-packages\pip\_vendor\urllib3\packages\backports\backup.exe
file	C:\Python27\Lib\backup.exe
file	C:\Windows\System Restore.exe
file	C:\Python27\Lib\test\backup.exe
file	C:\Program Files (x86)\360\360TptMon\config\backup.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\VC\amd64\update.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe
file	C:\Python27\Lib\site-packages\pip\_vendor\packaging\backup.exe
file	C:\Python27\Tools\Scripts\backup.exe
file	C:\Windows\AppPatch\Custom\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\{3E352DBF-08A1-4ad3-9615-B83822C5F7F8}\backup.exe
file	C:\Program Files (x86)\Windows NT\backup.exe
file	C:\Python27\tcl\tk8.5\demos\images\backup.exe
file	C:\Python27\Lib\site-packages\pip\_vendor\html5lib\treewalkers\backup.exe
file	C:\Program Files (x86)\Windows Sidebar\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\{97967038-950B-4637-A08D-2CF414643DC5}\backup.exe
file	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe
file	C:\Python27\Lib\encodings\backup.exe
file	C:\Program Files (x86)\Internet Explorer\zh-CN\backup.exe
file	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\backup.exe
file	C:\Users\Administrator\AppData\Local\Temp\{FD94C708-F85D-46e7-8962-8DFBA743E3FD}\backup.exe

section	UPX0				description	节名称指示UPX
section	UPX1				description	节名称指示UPX

host	114.114.114.114
host	8.8.8.8