Analysis
-
max time kernel
179s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 17:11
General
-
Target
94c52f893e8dbc97c64b9d10e648e969413058e6b694791e8ea0de4cf2efba8e.exe
-
Size
72KB
-
MD5
1ef4fdf097e9722f6a06538dd3e6d0a5
-
SHA1
873296bf510faba1a9f1747597e7ea11e7930212
-
SHA256
94c52f893e8dbc97c64b9d10e648e969413058e6b694791e8ea0de4cf2efba8e
-
SHA512
aa0f3b991fd813cfd70de1e6cf21feb9479d1a123debb89e34be3a6c311fbda9564f8341b2a318c07151ddd2856cb264d7639c1e4d0bb047d38eddac89d4de84
-
SSDEEP
768:rpQNwC3BEc4QEfu0Ei8XxNDINE3BEJwRr3k2uv:teThavEjDWguKUh
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\94c52f893e8dbc97c64b9d10e648e969413058e6b694791e8ea0de4cf2efba8e.exe"C:\Users\Admin\AppData\Local\Temp\94c52f893e8dbc97c64b9d10e648e969413058e6b694791e8ea0de4cf2efba8e.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\720023746\backup.exeC:\Users\Admin\AppData\Local\Temp\720023746\backup.exe C:\Users\Admin\AppData\Local\Temp\720023746\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\data.exe"C:\Program Files\data.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\data.exe"C:\Program Files\7-Zip\data.exe" C:\Program Files\7-Zip\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\update.exe"C:\Program Files\Common Files\microsoft shared\update.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\en-US\data.exe"C:\Program Files\Common Files\System\ado\en-US\data.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
C:\Program Files\Common Files\System\msadc\en-US\data.exe"C:\Program Files\Common Files\System\msadc\en-US\data.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\include\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\update.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\update.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Documents\System Restore.exe"C:\Users\Admin\Documents\System Restore.exe" C:\Users\Admin\Documents\6⤵
- System policy modification
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- System policy modification
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Pictures\System Restore.exe"C:\Users\Public\Pictures\System Restore.exe" C:\Users\Public\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
- System policy modification
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
- System policy modification
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\1⤵
- System policy modification
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\backup.exeFilesize
72KB
MD57d277d3a77964586b862810ca64d2e9d
SHA1f871ab31fc028638b22cf33901a814a6ae9a1aa7
SHA256928936b6dfe844659e2ed554444196c0b091de6e7c515bea607d2580e60130dd
SHA512c4913c6020cd89ea40c75758df9e4888d8db1f05a3d021d2a9db1fb8d9be2bc6b38cd2893e72ebbeae355725df865a02483e053ea90b950530a31b11254ef4bf
-
C:\PerfLogs\backup.exeFilesize
72KB
MD57d277d3a77964586b862810ca64d2e9d
SHA1f871ab31fc028638b22cf33901a814a6ae9a1aa7
SHA256928936b6dfe844659e2ed554444196c0b091de6e7c515bea607d2580e60130dd
SHA512c4913c6020cd89ea40c75758df9e4888d8db1f05a3d021d2a9db1fb8d9be2bc6b38cd2893e72ebbeae355725df865a02483e053ea90b950530a31b11254ef4bf
-
C:\Program Files (x86)\Adobe\backup.exeFilesize
72KB
MD5c3b8e5a564624fb8c725ef18b8030846
SHA1f096562331edc44ce8182bddd4dfbc387b80fc3e
SHA2566bf59bcc4ba36cbe53d3f77a9708451f1e717538cd35a7eeeecf3ad5d2bc193e
SHA5124b2b54b65311009eb86cab88460bf26f4f3f4a6db3815ac8254bf3a51df4e00ec1d8e802ed0b692cb732d9beaef4d9a898e57920138fb9a36e992ce78816d490
-
C:\Program Files (x86)\Adobe\backup.exeFilesize
72KB
MD5c3b8e5a564624fb8c725ef18b8030846
SHA1f096562331edc44ce8182bddd4dfbc387b80fc3e
SHA2566bf59bcc4ba36cbe53d3f77a9708451f1e717538cd35a7eeeecf3ad5d2bc193e
SHA5124b2b54b65311009eb86cab88460bf26f4f3f4a6db3815ac8254bf3a51df4e00ec1d8e802ed0b692cb732d9beaef4d9a898e57920138fb9a36e992ce78816d490
-
C:\Program Files (x86)\backup.exeFilesize
72KB
MD569d18420db9839149c3dc082e0860e76
SHA14ef2fce5dd84bafc72651b90babed45bb8305ae1
SHA2567e5af06dcbbc1f9434e2a2955ce9e4ca322a365764e961dd65c648b4d8bdf778
SHA5121030c20ae720ede4b31bc051d5872a73589a79eeff9b50c279520eb926412776cc6b99fb701c204cb1bd1f5903cea5b354f58ad19fe5ba0a4ac3b794d421e2fc
-
C:\Program Files (x86)\backup.exeFilesize
72KB
MD569d18420db9839149c3dc082e0860e76
SHA14ef2fce5dd84bafc72651b90babed45bb8305ae1
SHA2567e5af06dcbbc1f9434e2a2955ce9e4ca322a365764e961dd65c648b4d8bdf778
SHA5121030c20ae720ede4b31bc051d5872a73589a79eeff9b50c279520eb926412776cc6b99fb701c204cb1bd1f5903cea5b354f58ad19fe5ba0a4ac3b794d421e2fc
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5d31b69fb6d64c55440178dd0b7c3a6f8
SHA1e570c01e15dc68cd1e6f75efcbc28948ba33bec8
SHA2567891085801b95ab60aad042c82a4f465998908a6aa3f3af805fda817e765fbf1
SHA5124a92f6678f0516f390777cb98b07800799fe4e41840d04bb31b312905bfd7bbe4c7c95fef622b28e35ef4a4610491ab76c128dd7796f1e51fb8756556e6c1bd3
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5d31b69fb6d64c55440178dd0b7c3a6f8
SHA1e570c01e15dc68cd1e6f75efcbc28948ba33bec8
SHA2567891085801b95ab60aad042c82a4f465998908a6aa3f3af805fda817e765fbf1
SHA5124a92f6678f0516f390777cb98b07800799fe4e41840d04bb31b312905bfd7bbe4c7c95fef622b28e35ef4a4610491ab76c128dd7796f1e51fb8756556e6c1bd3
-
C:\Program Files\7-Zip\data.exeFilesize
72KB
MD5a6e2e03f1229304e9c85423f5938f0af
SHA183f5da2ca0ab4c29acb1230f632deaf3051c2c0b
SHA2564e9276d41e7e1f283127500ca55d8a4ddf183da245abbad246e286ff5a4a6f8f
SHA512c87d7d0e9c611b8586675d0d57d378e75331992dda1bb5b6bdead9a1db64c8ea5627da7feff042c5c3cf2f3be5ac3d230919459ded3813407dddbf1b6a94ec40
-
C:\Program Files\7-Zip\data.exeFilesize
72KB
MD5a6e2e03f1229304e9c85423f5938f0af
SHA183f5da2ca0ab4c29acb1230f632deaf3051c2c0b
SHA2564e9276d41e7e1f283127500ca55d8a4ddf183da245abbad246e286ff5a4a6f8f
SHA512c87d7d0e9c611b8586675d0d57d378e75331992dda1bb5b6bdead9a1db64c8ea5627da7feff042c5c3cf2f3be5ac3d230919459ded3813407dddbf1b6a94ec40
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5c3bfdf91ef02aeb0c8bfd8f0b89055b6
SHA1c07dcf818aa7e6a4c4d3330d22db4fff4810d5da
SHA256a37dde237d73dde6f0942b64b44ac9823961152faf0e3389bb324d9005e84643
SHA5121946c2c87a7b6e129b894a8935e5aefd8578aed390d9825aa428cfef3fc9a6ba1726bc7b43e00dccc1ebcaaba4593f884fdf49723338cbe45abcf2076db135d0
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5c3bfdf91ef02aeb0c8bfd8f0b89055b6
SHA1c07dcf818aa7e6a4c4d3330d22db4fff4810d5da
SHA256a37dde237d73dde6f0942b64b44ac9823961152faf0e3389bb324d9005e84643
SHA5121946c2c87a7b6e129b894a8935e5aefd8578aed390d9825aa428cfef3fc9a6ba1726bc7b43e00dccc1ebcaaba4593f884fdf49723338cbe45abcf2076db135d0
-
C:\Program Files\Common Files\Services\backup.exeFilesize
72KB
MD561663d8a6a05756bb73ccb92867e8a1d
SHA11feb2e1542e3682064f7892d219166574dd2dd0e
SHA256045eec5a3cc6b8a586b3eb58a8e85781a6035b5abb825479f9652675f5bb2717
SHA512661a0bc829d28b04af5da1dc1416df5a9a1705a20ce5cae200f2799ebb0d6f2af72aa8c40bafb67d1c7bb65487b24e907922e7458744c89e354d06a7b1792ead
-
C:\Program Files\Common Files\Services\backup.exeFilesize
72KB
MD561663d8a6a05756bb73ccb92867e8a1d
SHA11feb2e1542e3682064f7892d219166574dd2dd0e
SHA256045eec5a3cc6b8a586b3eb58a8e85781a6035b5abb825479f9652675f5bb2717
SHA512661a0bc829d28b04af5da1dc1416df5a9a1705a20ce5cae200f2799ebb0d6f2af72aa8c40bafb67d1c7bb65487b24e907922e7458744c89e354d06a7b1792ead
-
C:\Program Files\Common Files\System\ado\backup.exeFilesize
72KB
MD56604be2d8f64cec9673a802d7849765d
SHA1b975d0e65fab9c6bcb5473917fe044d17f588c12
SHA25637764650e34e17c698acb6d7262d3a648d56c304dc33c6762f4b71258eb624ea
SHA512cc4c241dcdfbf526ad424812ab3764ef1476e24d39704f2cea53abdab92fff47980a3195b4c623de53863406dec87db73548ee2402131664b90629c86f92d9dd
-
C:\Program Files\Common Files\System\ado\backup.exeFilesize
72KB
MD56604be2d8f64cec9673a802d7849765d
SHA1b975d0e65fab9c6bcb5473917fe044d17f588c12
SHA25637764650e34e17c698acb6d7262d3a648d56c304dc33c6762f4b71258eb624ea
SHA512cc4c241dcdfbf526ad424812ab3764ef1476e24d39704f2cea53abdab92fff47980a3195b4c623de53863406dec87db73548ee2402131664b90629c86f92d9dd
-
C:\Program Files\Common Files\System\backup.exeFilesize
72KB
MD52ba3c27bfa6096f16e8b3c1dea964c13
SHA14dd8e33bd617953f9838c1decf5f7372f0153ae6
SHA256bbf482515caf7b4a48a2b14baa901eee54488c2f5724fbc57bf50e912b0d8936
SHA512a5b6f2afc586ba1aa8f3f7ef7bc9083fc3be4be46178d8cd58c03895f831510030a864c928c41f2d3c66186836b03caa8fbae510b0915533ccc433a85f5fa6d1
-
C:\Program Files\Common Files\System\backup.exeFilesize
72KB
MD52ba3c27bfa6096f16e8b3c1dea964c13
SHA14dd8e33bd617953f9838c1decf5f7372f0153ae6
SHA256bbf482515caf7b4a48a2b14baa901eee54488c2f5724fbc57bf50e912b0d8936
SHA512a5b6f2afc586ba1aa8f3f7ef7bc9083fc3be4be46178d8cd58c03895f831510030a864c928c41f2d3c66186836b03caa8fbae510b0915533ccc433a85f5fa6d1
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD55e5a2a727e2da526918c124684ce6cd8
SHA1f68c1297179dfcc8669e6133b89d33faec1d1a0e
SHA2566a147cae3744b94f7c9d8f9a6e75eed498b5f22ea944488c202817d4306ce07f
SHA5127fdfc0e374d4fc49060bdad24e381bc96d0c372a24ca921b645496c1b2d5967a51a82ac923e52a675211e38aab239fddfbe17b761d3d44bd2e713266e7f1153a
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD55e5a2a727e2da526918c124684ce6cd8
SHA1f68c1297179dfcc8669e6133b89d33faec1d1a0e
SHA2566a147cae3744b94f7c9d8f9a6e75eed498b5f22ea944488c202817d4306ce07f
SHA5127fdfc0e374d4fc49060bdad24e381bc96d0c372a24ca921b645496c1b2d5967a51a82ac923e52a675211e38aab239fddfbe17b761d3d44bd2e713266e7f1153a
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD5fd7709124cbc5fcf56eb47a8f67e82d3
SHA1c049a778b064c29190d3357a91073207762415bb
SHA2562103b492f307930f817136924a8902b50c741763cda7eeae8c2f6f9757be8c77
SHA5121a5ee50e0300c3098ac4713bc14a1a7cd7d3acfdcbabe26afeda399aeb4e2470db0a4b941244569d2bece612a156c1c74d8f4cb335b376a995e3a9dae2547b56
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD5fd7709124cbc5fcf56eb47a8f67e82d3
SHA1c049a778b064c29190d3357a91073207762415bb
SHA2562103b492f307930f817136924a8902b50c741763cda7eeae8c2f6f9757be8c77
SHA5121a5ee50e0300c3098ac4713bc14a1a7cd7d3acfdcbabe26afeda399aeb4e2470db0a4b941244569d2bece612a156c1c74d8f4cb335b376a995e3a9dae2547b56
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exeFilesize
72KB
MD59f46ecda0ca4d314f61284e0935bf185
SHA1e2f3839ede9f182b9f37f28b4937a70d7e0d5cb8
SHA25635e70c4c8d10688d76de58c75818f3f6252bd0a880f7ef91657b3459d7edfc05
SHA5126fc7960c2cce1fe97b8341b9bca415c321ba2aeaf4a9c35760a496a027d6712d1d758fc5559d13022466a1c644a351fbddf413799d1a994447fecc60000a1272
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exeFilesize
72KB
MD59f46ecda0ca4d314f61284e0935bf185
SHA1e2f3839ede9f182b9f37f28b4937a70d7e0d5cb8
SHA25635e70c4c8d10688d76de58c75818f3f6252bd0a880f7ef91657b3459d7edfc05
SHA5126fc7960c2cce1fe97b8341b9bca415c321ba2aeaf4a9c35760a496a027d6712d1d758fc5559d13022466a1c644a351fbddf413799d1a994447fecc60000a1272
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exeFilesize
72KB
MD5fd96dfd85d6efd63dbf846d24fc93236
SHA15ca8a45e544a4c05877cc97068631ced5eaf539e
SHA25680d051f100c121c6c4a531cf1b192d646e7cedd37b3d1015c156a5019c80d244
SHA512ef86c770e371d63345dd7f2763492f49fde7dab5edf909991a882d79c23cfa34a34cb043557cb401ee1cdaffbc28607c08871ecdfa160b636bdc2c747426945c
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exeFilesize
72KB
MD5fd96dfd85d6efd63dbf846d24fc93236
SHA15ca8a45e544a4c05877cc97068631ced5eaf539e
SHA25680d051f100c121c6c4a531cf1b192d646e7cedd37b3d1015c156a5019c80d244
SHA512ef86c770e371d63345dd7f2763492f49fde7dab5edf909991a882d79c23cfa34a34cb043557cb401ee1cdaffbc28607c08871ecdfa160b636bdc2c747426945c
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD5db4873ab59bd9ec1597dc7a77370c726
SHA1c85c4491254d0f35f13d688e1cd6a5453b3f7ba3
SHA2563f0c4519e8741f7f555399f39c16df1c36bdfb27f28e6ef6e57cceb8b45c9e1e
SHA51225ff19cb66bfacc4e7b6521cdf5d67052f6ec5acf8c84699ebfc278914000f6535e968a45d3a1e3ff71fa3b5090e98b5aba3aa91ac5b6be7fa3c79b62d03bf9f
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD5db4873ab59bd9ec1597dc7a77370c726
SHA1c85c4491254d0f35f13d688e1cd6a5453b3f7ba3
SHA2563f0c4519e8741f7f555399f39c16df1c36bdfb27f28e6ef6e57cceb8b45c9e1e
SHA51225ff19cb66bfacc4e7b6521cdf5d67052f6ec5acf8c84699ebfc278914000f6535e968a45d3a1e3ff71fa3b5090e98b5aba3aa91ac5b6be7fa3c79b62d03bf9f
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD50b14726c005aef394c98e20c63793ccf
SHA1de11821e8ac404a57531434450d0c088d4590220
SHA256857a825ade90b363188ef855505aa2dab1671c8f3d52fd304aaa9fd6aa43e8d1
SHA51273bd3a2701cb7a2eb3fb009e8c3776e544926236fb48ac0549dff1f1db0f56427f5ceff81d291b672ae65b61918f7c8b4275ce2ac88762fb0384f64b0fca9c4b
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD50b14726c005aef394c98e20c63793ccf
SHA1de11821e8ac404a57531434450d0c088d4590220
SHA256857a825ade90b363188ef855505aa2dab1671c8f3d52fd304aaa9fd6aa43e8d1
SHA51273bd3a2701cb7a2eb3fb009e8c3776e544926236fb48ac0549dff1f1db0f56427f5ceff81d291b672ae65b61918f7c8b4275ce2ac88762fb0384f64b0fca9c4b
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD5ce4c246087cbb2b22cf41955ae2661a0
SHA1e15604233158839e0faa8fc894779782e780e5ac
SHA256e1a2b4bb6464a6b62ff921e5d5b0f5f03649cf051e1a99e3406b651cb8c4aff6
SHA512bf06c509ef6ba14305038d8a0923bac7b2fb3fe6b6f05d70e1e8319f7b6480b4349eb3fa5aca1cbcf409d9a59ec288ade00530ee8b11fe773f7e6538783e2aa4
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD5ce4c246087cbb2b22cf41955ae2661a0
SHA1e15604233158839e0faa8fc894779782e780e5ac
SHA256e1a2b4bb6464a6b62ff921e5d5b0f5f03649cf051e1a99e3406b651cb8c4aff6
SHA512bf06c509ef6ba14305038d8a0923bac7b2fb3fe6b6f05d70e1e8319f7b6480b4349eb3fa5aca1cbcf409d9a59ec288ade00530ee8b11fe773f7e6538783e2aa4
-
C:\Program Files\Common Files\microsoft shared\update.exeFilesize
72KB
MD5c3bfdf91ef02aeb0c8bfd8f0b89055b6
SHA1c07dcf818aa7e6a4c4d3330d22db4fff4810d5da
SHA256a37dde237d73dde6f0942b64b44ac9823961152faf0e3389bb324d9005e84643
SHA5121946c2c87a7b6e129b894a8935e5aefd8578aed390d9825aa428cfef3fc9a6ba1726bc7b43e00dccc1ebcaaba4593f884fdf49723338cbe45abcf2076db135d0
-
C:\Program Files\Common Files\microsoft shared\update.exeFilesize
72KB
MD5c3bfdf91ef02aeb0c8bfd8f0b89055b6
SHA1c07dcf818aa7e6a4c4d3330d22db4fff4810d5da
SHA256a37dde237d73dde6f0942b64b44ac9823961152faf0e3389bb324d9005e84643
SHA5121946c2c87a7b6e129b894a8935e5aefd8578aed390d9825aa428cfef3fc9a6ba1726bc7b43e00dccc1ebcaaba4593f884fdf49723338cbe45abcf2076db135d0
-
C:\Program Files\Google\Chrome\Application\backup.exeFilesize
72KB
MD5c22c7d03b003a42c3f4b20bea83e366a
SHA1922b5e8188c58172e7e07fb54070eab9db7f1696
SHA256fcb6c7898d5da32bada5150fd84c5b4d00b7876b78ec5dd86c4874be6d7606de
SHA5125a259779da1fc1e74c2b28df12c93789ed72050187d930bc5f3dfc1e99d3e9320cbf141cd8f663605e359fb75308ceaa76d553a4f3aa496f2d9ac138d7b805a0
-
C:\Program Files\Google\Chrome\Application\backup.exeFilesize
72KB
MD5c22c7d03b003a42c3f4b20bea83e366a
SHA1922b5e8188c58172e7e07fb54070eab9db7f1696
SHA256fcb6c7898d5da32bada5150fd84c5b4d00b7876b78ec5dd86c4874be6d7606de
SHA5125a259779da1fc1e74c2b28df12c93789ed72050187d930bc5f3dfc1e99d3e9320cbf141cd8f663605e359fb75308ceaa76d553a4f3aa496f2d9ac138d7b805a0
-
C:\Program Files\Google\Chrome\backup.exeFilesize
72KB
MD5db822c4d0ea82d934aa03adf7a8768e9
SHA14cc3fe6453977ca496086be534c2b867bebc8959
SHA2569c2d9b09461c99c35121ef28b4117f405ce115edee3785c8f6008d3046e8d91f
SHA512605f3b17609880a6cd902ea8972632b3364267f24c17853c2abf838b6cc9ce19ca877895796155cf7ba5a83f58f31668297762b8dea1f0e9f43c37703b6bd704
-
C:\Program Files\Google\Chrome\backup.exeFilesize
72KB
MD5db822c4d0ea82d934aa03adf7a8768e9
SHA14cc3fe6453977ca496086be534c2b867bebc8959
SHA2569c2d9b09461c99c35121ef28b4117f405ce115edee3785c8f6008d3046e8d91f
SHA512605f3b17609880a6cd902ea8972632b3364267f24c17853c2abf838b6cc9ce19ca877895796155cf7ba5a83f58f31668297762b8dea1f0e9f43c37703b6bd704
-
C:\Program Files\Google\backup.exeFilesize
72KB
MD5061849cba6c56d86bb46401f843323f9
SHA112c586ace79615a9d3f7984117b40e15bfc01b47
SHA256eba94710ba484c057edd0bc7a48bfdbef643493b875e459b8b3c9dab18bc2299
SHA5123d20f5b89b786ce0ed0e114e60a6149d0ec9fb1eb26e0a152596dc119dd17d06185d386e0f9883c740f9f07c87987c33082fbc471307a2d902e98f8e5aa31739
-
C:\Program Files\Google\backup.exeFilesize
72KB
MD5061849cba6c56d86bb46401f843323f9
SHA112c586ace79615a9d3f7984117b40e15bfc01b47
SHA256eba94710ba484c057edd0bc7a48bfdbef643493b875e459b8b3c9dab18bc2299
SHA5123d20f5b89b786ce0ed0e114e60a6149d0ec9fb1eb26e0a152596dc119dd17d06185d386e0f9883c740f9f07c87987c33082fbc471307a2d902e98f8e5aa31739
-
C:\Program Files\Internet Explorer\backup.exeFilesize
72KB
MD5e8ea95bbed88bf82e368b36f77b18839
SHA13846db8a83cbff7885e156f350091a763cff618d
SHA256fd5a025d5fa16e9d1ab2f65c7c7f81847e76040db45e86d2e8a756fd8794a3a7
SHA512443797f4c5315661ed71a86251b51d4c6f062635a4a0988a5df92e785f0dec3db266c612d0aba58a30d69e2db2cb939e2e1c4a6414ac298155c67beba282a84b
-
C:\Program Files\Internet Explorer\backup.exeFilesize
72KB
MD5e8ea95bbed88bf82e368b36f77b18839
SHA13846db8a83cbff7885e156f350091a763cff618d
SHA256fd5a025d5fa16e9d1ab2f65c7c7f81847e76040db45e86d2e8a756fd8794a3a7
SHA512443797f4c5315661ed71a86251b51d4c6f062635a4a0988a5df92e785f0dec3db266c612d0aba58a30d69e2db2cb939e2e1c4a6414ac298155c67beba282a84b
-
C:\Program Files\data.exeFilesize
72KB
MD5a1db5c7bd2587dc869e911ed1d06265e
SHA13f3dad3c306a78266420e73d822bfeaa968a81a2
SHA256da47421c118ac26c2ce675f89d12144284a13150c5b52c2e098870e79d2b65dc
SHA5122efa4148a4a652bf3d3a5d8e5d7a9613e40c1a14dc736c5c3ab53b40c2877abf2a3f1e98f5b3cd946f92b708117614686935b966e7a58b714987ee5e61d29a42
-
C:\Program Files\data.exeFilesize
72KB
MD5a1db5c7bd2587dc869e911ed1d06265e
SHA13f3dad3c306a78266420e73d822bfeaa968a81a2
SHA256da47421c118ac26c2ce675f89d12144284a13150c5b52c2e098870e79d2b65dc
SHA5122efa4148a4a652bf3d3a5d8e5d7a9613e40c1a14dc736c5c3ab53b40c2877abf2a3f1e98f5b3cd946f92b708117614686935b966e7a58b714987ee5e61d29a42
-
C:\Users\Admin\AppData\Local\Temp\720023746\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\720023746\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\data.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\data.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD5e4759f2c5fc424c74aa29de42b93f59e
SHA1dcc24d735a586290d5894974cc1896586256dea0
SHA2568556adaa2b52563d57f27bda7249ec68d78797f76a6c512472188eaa04afe82b
SHA5125f649d6ccf62ea8d53b77e5b314f9a21881d1fcd042ba516c869cd8f1c6ebe18740543690e438d90c0ee98d61238d3d43fade32e04fcde2f22e80f5bd539c8db
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5b161b3cd9985e172870ac8704eea87c2
SHA15e9851b32af4c1e5835842024928ea74ce665b6f
SHA2561793eb84a68ca1f9e70719e06fcac44d3c7d710efe13d59fa56fbf0ad6193398
SHA512c3e8886d003dbac6cae76780e4c7d1cca1bd2d1c9d501d3026326199d5692a1baeeed230a2176aad7e1558169ad60ae3a64f71ca4b287b4119b8619f1fb5ecc2
-
C:\Users\backup.exeFilesize
72KB
MD5abeb9ad9b6b7755873a0c0c5e56e28dd
SHA18af6e2f81aec4862bb5fcbb4b93952ed998493b5
SHA25692bd8f1df87353a7ca465b7bde56e1d8b91be46e2da58e243a9942e07468260d
SHA5129bb75f7a763f49f101d6687c7c736fd4c1e7b00235a2b61712c07b29f5b80065114a89b76bb8a78f2e637c6f4964f093e117be7b5ead922bc65dcac3588789ca
-
C:\Users\backup.exeFilesize
72KB
MD5abeb9ad9b6b7755873a0c0c5e56e28dd
SHA18af6e2f81aec4862bb5fcbb4b93952ed998493b5
SHA25692bd8f1df87353a7ca465b7bde56e1d8b91be46e2da58e243a9942e07468260d
SHA5129bb75f7a763f49f101d6687c7c736fd4c1e7b00235a2b61712c07b29f5b80065114a89b76bb8a78f2e637c6f4964f093e117be7b5ead922bc65dcac3588789ca
-
C:\backup.exeFilesize
72KB
MD5508c7ae1ef8bf29b3578302dbcab0c42
SHA1fd330a4f45fa8412c591229388d4e5ad0407a51c
SHA2560803eee11eeeb98cf1af81d66e912be0100fc98cd001110c50790aa88a578f77
SHA5127433355ddfde4f2d8d13834bde156890593ed2bb0b076dc5b48c5c74dc9763c178695947332e9cb3da436975db8122db08236ab5fe5ce02c793ea305153494b4
-
C:\backup.exeFilesize
72KB
MD5508c7ae1ef8bf29b3578302dbcab0c42
SHA1fd330a4f45fa8412c591229388d4e5ad0407a51c
SHA2560803eee11eeeb98cf1af81d66e912be0100fc98cd001110c50790aa88a578f77
SHA5127433355ddfde4f2d8d13834bde156890593ed2bb0b076dc5b48c5c74dc9763c178695947332e9cb3da436975db8122db08236ab5fe5ce02c793ea305153494b4
-
C:\odt\backup.exeFilesize
72KB
MD51cdbb70045555bfc603cd3ab1dccae5e
SHA1428f48f133eee76f581f03e0c694a485513f5b8e
SHA2567c0fd29e4cf9db64eac7c0bf053f7cb75a436128fa81245c16a8a0ba663efd4e
SHA51237cf8728c5fdbe75a4464ba9d3a03b75a4ae904885964ee17c609844cf319b9e49dde141eebaba98a1ac373a734a92f16ac64c165e49f7ba4ac0156654b50db7
-
C:\odt\backup.exeFilesize
72KB
MD51cdbb70045555bfc603cd3ab1dccae5e
SHA1428f48f133eee76f581f03e0c694a485513f5b8e
SHA2567c0fd29e4cf9db64eac7c0bf053f7cb75a436128fa81245c16a8a0ba663efd4e
SHA51237cf8728c5fdbe75a4464ba9d3a03b75a4ae904885964ee17c609844cf319b9e49dde141eebaba98a1ac373a734a92f16ac64c165e49f7ba4ac0156654b50db7
-
memory/592-214-0x0000000000000000-mapping.dmp
-
memory/676-307-0x0000000000000000-mapping.dmp
-
memory/740-321-0x0000000000000000-mapping.dmp
-
memory/900-325-0x0000000000000000-mapping.dmp
-
memory/1316-351-0x0000000000000000-mapping.dmp
-
memory/1468-209-0x0000000000000000-mapping.dmp
-
memory/1500-288-0x0000000000000000-mapping.dmp
-
memory/1780-253-0x0000000000000000-mapping.dmp
-
memory/1848-329-0x0000000000000000-mapping.dmp
-
memory/1908-296-0x0000000000000000-mapping.dmp
-
memory/2128-365-0x0000000000000000-mapping.dmp
-
memory/2172-268-0x0000000000000000-mapping.dmp
-
memory/2188-154-0x0000000000000000-mapping.dmp
-
memory/2224-352-0x0000000000000000-mapping.dmp
-
memory/2240-342-0x0000000000000000-mapping.dmp
-
memory/2276-326-0x0000000000000000-mapping.dmp
-
memory/2360-282-0x0000000000000000-mapping.dmp
-
memory/2832-287-0x0000000000000000-mapping.dmp
-
memory/2840-379-0x0000000000000000-mapping.dmp
-
memory/2868-229-0x0000000000000000-mapping.dmp
-
memory/2968-312-0x0000000000000000-mapping.dmp
-
memory/3036-159-0x0000000000000000-mapping.dmp
-
memory/3232-300-0x0000000000000000-mapping.dmp
-
memory/3384-184-0x0000000000000000-mapping.dmp
-
memory/3488-219-0x0000000000000000-mapping.dmp
-
memory/3556-377-0x0000000000000000-mapping.dmp
-
memory/3604-204-0x0000000000000000-mapping.dmp
-
memory/3688-269-0x0000000000000000-mapping.dmp
-
memory/3720-289-0x0000000000000000-mapping.dmp
-
memory/3804-372-0x0000000000000000-mapping.dmp
-
memory/3808-174-0x0000000000000000-mapping.dmp
-
memory/3824-189-0x0000000000000000-mapping.dmp
-
memory/3824-348-0x0000000000000000-mapping.dmp
-
memory/3852-240-0x0000000000000000-mapping.dmp
-
memory/3892-194-0x0000000000000000-mapping.dmp
-
memory/3996-363-0x0000000000000000-mapping.dmp
-
memory/4040-374-0x0000000000000000-mapping.dmp
-
memory/4092-373-0x0000000000000000-mapping.dmp
-
memory/4160-134-0x0000000000000000-mapping.dmp
-
memory/4200-364-0x0000000000000000-mapping.dmp
-
memory/4260-328-0x0000000000000000-mapping.dmp
-
memory/4316-164-0x0000000000000000-mapping.dmp
-
memory/4368-311-0x0000000000000000-mapping.dmp
-
memory/4412-179-0x0000000000000000-mapping.dmp
-
memory/4412-336-0x0000000000000000-mapping.dmp
-
memory/4460-324-0x0000000000000000-mapping.dmp
-
memory/4508-346-0x0000000000000000-mapping.dmp
-
memory/4516-249-0x0000000000000000-mapping.dmp
-
memory/4528-254-0x0000000000000000-mapping.dmp
-
memory/4532-224-0x0000000000000000-mapping.dmp
-
memory/4540-251-0x0000000000000000-mapping.dmp
-
memory/4568-139-0x0000000000000000-mapping.dmp
-
memory/4612-149-0x0000000000000000-mapping.dmp
-
memory/4704-144-0x0000000000000000-mapping.dmp
-
memory/4736-327-0x0000000000000000-mapping.dmp
-
memory/4744-357-0x0000000000000000-mapping.dmp
-
memory/4812-230-0x0000000000000000-mapping.dmp
-
memory/4932-255-0x0000000000000000-mapping.dmp
-
memory/4956-165-0x0000000000000000-mapping.dmp
-
memory/4992-199-0x0000000000000000-mapping.dmp
-
memory/5016-292-0x0000000000000000-mapping.dmp
-
memory/5024-239-0x0000000000000000-mapping.dmp
-
memory/5088-334-0x0000000000000000-mapping.dmp
-
memory/5116-290-0x0000000000000000-mapping.dmp