Analysis
-
max time kernel
185s -
max time network
190s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 17:15
General
-
Target
db6479baa74a8fbfb7606384639e99afe90fa3dad1748e0645061b36eb0726ba.exe
-
Size
72KB
-
MD5
5505872d0f60163f41a49bf4b35ef60e
-
SHA1
2c1630ebbf4be959932586d30bc61e8cc2563d9e
-
SHA256
db6479baa74a8fbfb7606384639e99afe90fa3dad1748e0645061b36eb0726ba
-
SHA512
6778eafb23636ea214213fcb729d82b348df5508fe4c84ae1ba9be1483617e1dcf127890ad31de57d801ad93c13e1d38cf685fc5741e329acb538e051c5c514d
-
SSDEEP
768:rpQNwC3BEc4QEfu0Ei8XxNDINE3BEJwRr9l:teThavEjDWguK9l
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db6479baa74a8fbfb7606384639e99afe90fa3dad1748e0645061b36eb0726ba.exe"C:\Users\Admin\AppData\Local\Temp\db6479baa74a8fbfb7606384639e99afe90fa3dad1748e0645061b36eb0726ba.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\54635183\backup.exeC:\Users\Admin\AppData\Local\Temp\54635183\backup.exe C:\Users\Admin\AppData\Local\Temp\54635183\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\odt\backup.exeC:\odt\backup.exe C:\odt\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\update.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\update.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\update.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\update.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\data.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\data.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\data.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\data.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\update.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\update.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
- Executes dropped EXE
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\12⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\13⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe"C:\Program Files\Common Files\System\msadc\en-US\System Restore.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\update.exe"C:\Program Files\Internet Explorer\de-DE\update.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\images\System Restore.exe"C:\Program Files\Internet Explorer\images\System Restore.exe" C:\Program Files\Internet Explorer\images\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\6⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\7⤵
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\backup.exe"C:\Program Files\Java\jdk1.8.0_66\backup.exe" C:\Program Files\Java\jdk1.8.0_66\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\bin\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\lib\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\lib\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.8.0_66\include\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\backup.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\System Restore.exe"C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\System Restore.exe" C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\7⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\9⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\9⤵
-
C:\Program Files\Java\jre1.8.0_66\backup.exe"C:\Program Files\Java\jre1.8.0_66\backup.exe" C:\Program Files\Java\jre1.8.0_66\6⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\7⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\8⤵
-
C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\plugin2\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\plugin2\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe"C:\Program Files\Java\jre1.8.0_66\bin\server\backup.exe" C:\Program Files\Java\jre1.8.0_66\bin\server\8⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\System Restore.exe"C:\Program Files\Java\jre1.8.0_66\lib\System Restore.exe" C:\Program Files\Java\jre1.8.0_66\lib\7⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\amd64\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\amd64\8⤵
-
C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe"C:\Program Files\Java\jre1.8.0_66\lib\applet\backup.exe" C:\Program Files\Java\jre1.8.0_66\lib\applet\8⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\System Restore.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\System Restore.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Java\Java Update\data.exe"C:\Program Files (x86)\Common Files\Java\Java Update\data.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\8⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
C:\Program Files (x86)\Google\CrashReports\data.exe"C:\Program Files (x86)\Google\CrashReports\data.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\9⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
- System policy modification
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
C:\Users\Admin\Pictures\Camera Roll\data.exe"C:\Users\Admin\Pictures\Camera Roll\data.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
C:\Users\Public\Music\System Restore.exe"C:\Users\Public\Music\System Restore.exe" C:\Users\Public\Music\6⤵
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\backup.exeC:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
-
C:\Windows\apppatch\Custom\backup.exeC:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\6⤵
-
C:\Windows\apppatch\Custom\Custom64\backup.exeC:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\7⤵
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
C:\Windows\apppatch\en-US\backup.exeC:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\6⤵
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
C:\Windows\apppatch\ja-JP\backup.exeC:\Windows\apppatch\ja-JP\backup.exe C:\Windows\apppatch\ja-JP\6⤵
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\Extensibility\System Restore.exe"C:\Windows\assembly\GAC\Extensibility\System Restore.exe" C:\Windows\assembly\GAC\Extensibility\7⤵
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe"C:\Program Files\Java\jdk1.8.0_66\db\bin\backup.exe" C:\Program Files\Java\jdk1.8.0_66\db\bin\1⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\1⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\1⤵
-
C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5d4385f50b6c77189049522593921a0c0
SHA1ab4a7e5df637aa8eaa49d60a71f280fbccd957f7
SHA256ce613ae162489e993d1045799cb7aa1d955986e0084c70f255735a647ee6df00
SHA5123d92fbfd981afc1adfc48f20f31a4952171f9271a27e48318c07d16d2b853177d1ee3ee52de60f7267def926abc2f2c6b342fafbce11f3a6ab82f1ea72f3ce19
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5d4385f50b6c77189049522593921a0c0
SHA1ab4a7e5df637aa8eaa49d60a71f280fbccd957f7
SHA256ce613ae162489e993d1045799cb7aa1d955986e0084c70f255735a647ee6df00
SHA5123d92fbfd981afc1adfc48f20f31a4952171f9271a27e48318c07d16d2b853177d1ee3ee52de60f7267def926abc2f2c6b342fafbce11f3a6ab82f1ea72f3ce19
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD56402afc6184faf14c7f571922b443917
SHA11d8230a738b3a77dab662bb47f85d57f0f36eb0d
SHA25674ba9af47875a5d55b1da5b76ea43eda5bcc10f5e824f6191298cb97d4ff06ba
SHA512f2e5b2dfc63eb8962159a2c390cd188aacb597f773839ce34688e4f73e7d3a07a12f00f0738c0024bd3c0ce25b7fcf4f18af2605eb048c0c4cd324d34c216ae7
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD56402afc6184faf14c7f571922b443917
SHA11d8230a738b3a77dab662bb47f85d57f0f36eb0d
SHA25674ba9af47875a5d55b1da5b76ea43eda5bcc10f5e824f6191298cb97d4ff06ba
SHA512f2e5b2dfc63eb8962159a2c390cd188aacb597f773839ce34688e4f73e7d3a07a12f00f0738c0024bd3c0ce25b7fcf4f18af2605eb048c0c4cd324d34c216ae7
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD56c67e49b828d9910209769be064cd8e6
SHA19924220ba9b5bccf7e7db28540049c47b10af8e2
SHA25662020d8d989f2f93b2859b052290fffc6e75d865763dbad9d420b981868bb73c
SHA512b2de69646daf1bfa030d01c4e37a797935e1b327bfe5feb5e9b2dc78e288080af2a7bcd0d1f9c50a25e3b2795473dfcdcaa11b98a76b1997b2419ca31a698382
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD56c67e49b828d9910209769be064cd8e6
SHA19924220ba9b5bccf7e7db28540049c47b10af8e2
SHA25662020d8d989f2f93b2859b052290fffc6e75d865763dbad9d420b981868bb73c
SHA512b2de69646daf1bfa030d01c4e37a797935e1b327bfe5feb5e9b2dc78e288080af2a7bcd0d1f9c50a25e3b2795473dfcdcaa11b98a76b1997b2419ca31a698382
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5f907089092d9df026d0f8c999407c7bb
SHA19ce483db8791a332cb2c99512148f4b07aebebec
SHA2566e870419b9c1d03597acaccea4938c656b4be0269a633704d58357714450631d
SHA51247178526fdb4fea81ac268802a04a6c16c93a15dd07b759ab91537056eb5dcb09722b0259932f4816064af357c7d9290e268bd523a0a9ad4dc1740d122a81093
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD5f907089092d9df026d0f8c999407c7bb
SHA19ce483db8791a332cb2c99512148f4b07aebebec
SHA2566e870419b9c1d03597acaccea4938c656b4be0269a633704d58357714450631d
SHA51247178526fdb4fea81ac268802a04a6c16c93a15dd07b759ab91537056eb5dcb09722b0259932f4816064af357c7d9290e268bd523a0a9ad4dc1740d122a81093
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD59a4c563cf1fa2b72d40069f9907957fb
SHA10c66584ee376a772b61580218c8d877eff3612f2
SHA256e1b7b13615a02cba3b76564608f9ce867c2f423e3ebb0b60dec5ed583445e901
SHA5123d54184d5320a5acc26661cdf205cbc03abb939c5fa670693e85645c5225c2b761cf228db5d86d32969e62bfad892a51eeb0bae25d01fa364f113f04570f7914
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD59a4c563cf1fa2b72d40069f9907957fb
SHA10c66584ee376a772b61580218c8d877eff3612f2
SHA256e1b7b13615a02cba3b76564608f9ce867c2f423e3ebb0b60dec5ed583445e901
SHA5123d54184d5320a5acc26661cdf205cbc03abb939c5fa670693e85645c5225c2b761cf228db5d86d32969e62bfad892a51eeb0bae25d01fa364f113f04570f7914
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD5cfeb4d4202b493ff80d1b6945747507c
SHA1c7de42a207ddd87138c6d4f4890d60dbec6c7a3f
SHA256c97eaff379634f2214875187b983c4a4dfc751e71045d516575d969f39573e55
SHA512e86f147a339380c6eb37b6ab6345efec0d13a31e4e17e615543649cce281b0c2b53ae00bc3e815c8e884fa6ef6b8e30de2463b88991ffa4172be371ef7506e29
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD5cfeb4d4202b493ff80d1b6945747507c
SHA1c7de42a207ddd87138c6d4f4890d60dbec6c7a3f
SHA256c97eaff379634f2214875187b983c4a4dfc751e71045d516575d969f39573e55
SHA512e86f147a339380c6eb37b6ab6345efec0d13a31e4e17e615543649cce281b0c2b53ae00bc3e815c8e884fa6ef6b8e30de2463b88991ffa4172be371ef7506e29
-
C:\Program Files\Common Files\microsoft shared\backup.exeFilesize
72KB
MD5f907089092d9df026d0f8c999407c7bb
SHA19ce483db8791a332cb2c99512148f4b07aebebec
SHA2566e870419b9c1d03597acaccea4938c656b4be0269a633704d58357714450631d
SHA51247178526fdb4fea81ac268802a04a6c16c93a15dd07b759ab91537056eb5dcb09722b0259932f4816064af357c7d9290e268bd523a0a9ad4dc1740d122a81093
-
C:\Program Files\Common Files\microsoft shared\backup.exeFilesize
72KB
MD5f907089092d9df026d0f8c999407c7bb
SHA19ce483db8791a332cb2c99512148f4b07aebebec
SHA2566e870419b9c1d03597acaccea4938c656b4be0269a633704d58357714450631d
SHA51247178526fdb4fea81ac268802a04a6c16c93a15dd07b759ab91537056eb5dcb09722b0259932f4816064af357c7d9290e268bd523a0a9ad4dc1740d122a81093
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD514a378e4576c55c944b7ec91b923643c
SHA1820882e3f3f75d271cdde27769b7a65132cb11c7
SHA2560753804b6281fdbe1a5ea202aed04de1735bd34c824e0fc5a41c00f2e1518593
SHA512175424d807eeee6f3c4543724bb967b30b556c4abd4d09be912e83d5230605b263306d255e2ae7b0b88517f596a375c36366ac0a33e7344bdd7bd823ffab76b9
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exeFilesize
72KB
MD514a378e4576c55c944b7ec91b923643c
SHA1820882e3f3f75d271cdde27769b7a65132cb11c7
SHA2560753804b6281fdbe1a5ea202aed04de1735bd34c824e0fc5a41c00f2e1518593
SHA512175424d807eeee6f3c4543724bb967b30b556c4abd4d09be912e83d5230605b263306d255e2ae7b0b88517f596a375c36366ac0a33e7344bdd7bd823ffab76b9
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD5cfeb4d4202b493ff80d1b6945747507c
SHA1c7de42a207ddd87138c6d4f4890d60dbec6c7a3f
SHA256c97eaff379634f2214875187b983c4a4dfc751e71045d516575d969f39573e55
SHA512e86f147a339380c6eb37b6ab6345efec0d13a31e4e17e615543649cce281b0c2b53ae00bc3e815c8e884fa6ef6b8e30de2463b88991ffa4172be371ef7506e29
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exeFilesize
72KB
MD5cfeb4d4202b493ff80d1b6945747507c
SHA1c7de42a207ddd87138c6d4f4890d60dbec6c7a3f
SHA256c97eaff379634f2214875187b983c4a4dfc751e71045d516575d969f39573e55
SHA512e86f147a339380c6eb37b6ab6345efec0d13a31e4e17e615543649cce281b0c2b53ae00bc3e815c8e884fa6ef6b8e30de2463b88991ffa4172be371ef7506e29
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exeFilesize
72KB
MD5501ee5ade32c6c3acd863aa1a144d596
SHA1e57b1a80c31d250eaaa091a5fd1d7cbbdd90521a
SHA25685ed0eaba7684b553ef4f4f3ef86cccf1cea221358f12007f007036705a65d35
SHA5121833079f55cbebd2ed714a57a21251e17ff90e43365f3b9c221d0e2ce89e34c18f64f83c8d973038335125c50bec2d7453a70a35eb6722348f10247945e0826d
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\update.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\update.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exeFilesize
72KB
MD560933024cbb94523251a85ad390b6622
SHA1dc9f15992d4ad1aba3f490c8ef46b004fbbbb3d5
SHA256d799500aafd347416ad59dbb90ad474e5d0a09b400edc3841ebad6447452fdc6
SHA5122d171b5634653a6f5358d7e905832ecad1be80b1bbc8b7ab150da8650012fcbe4a07c3550d299c43149c51d57cfa058af9f754595c1a4196ae2c6072599ee9ad
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exeFilesize
72KB
MD5dfd5d3d0911223b2a48c765183be06ef
SHA16b205746d5029fe89402b3eff8045ab5ff7f663d
SHA25608d8e9f86f6a50a2e2c9023e1332eb0f60ca394e6d0e19789e32962d198f0d83
SHA512851cf76d1665edf308b8969e9bfa282f4ecbb90d45a5ce8ff9f307296b36e0b97e600898d30242c3809002e76c0edfc6d5c18b0c9d881ffbbc28e285fc434677
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exeFilesize
72KB
MD5dfd5d3d0911223b2a48c765183be06ef
SHA16b205746d5029fe89402b3eff8045ab5ff7f663d
SHA25608d8e9f86f6a50a2e2c9023e1332eb0f60ca394e6d0e19789e32962d198f0d83
SHA512851cf76d1665edf308b8969e9bfa282f4ecbb90d45a5ce8ff9f307296b36e0b97e600898d30242c3809002e76c0edfc6d5c18b0c9d881ffbbc28e285fc434677
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exeFilesize
72KB
MD5dfd5d3d0911223b2a48c765183be06ef
SHA16b205746d5029fe89402b3eff8045ab5ff7f663d
SHA25608d8e9f86f6a50a2e2c9023e1332eb0f60ca394e6d0e19789e32962d198f0d83
SHA512851cf76d1665edf308b8969e9bfa282f4ecbb90d45a5ce8ff9f307296b36e0b97e600898d30242c3809002e76c0edfc6d5c18b0c9d881ffbbc28e285fc434677
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\backup.exeFilesize
72KB
MD5dfd5d3d0911223b2a48c765183be06ef
SHA16b205746d5029fe89402b3eff8045ab5ff7f663d
SHA25608d8e9f86f6a50a2e2c9023e1332eb0f60ca394e6d0e19789e32962d198f0d83
SHA512851cf76d1665edf308b8969e9bfa282f4ecbb90d45a5ce8ff9f307296b36e0b97e600898d30242c3809002e76c0edfc6d5c18b0c9d881ffbbc28e285fc434677
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exeFilesize
72KB
MD57048f92bfeedf7cc57fb89bd3ab3a958
SHA10329040c9097bfcbb5574426570e9c1be442bfd5
SHA2568c9f5762c4c9e69e14c27d8015343f01a234923cd912f8a7328396ede83978f4
SHA5125b708ca07154299cb0683f74c4707c26a8bf319525d78fa608b3a72cd25d71a10397794e129f8321e281ec2a1ac36cb4749e2a42de3ebeb01e16c811cf43f81b
-
C:\Program Files\backup.exeFilesize
72KB
MD5d4385f50b6c77189049522593921a0c0
SHA1ab4a7e5df637aa8eaa49d60a71f280fbccd957f7
SHA256ce613ae162489e993d1045799cb7aa1d955986e0084c70f255735a647ee6df00
SHA5123d92fbfd981afc1adfc48f20f31a4952171f9271a27e48318c07d16d2b853177d1ee3ee52de60f7267def926abc2f2c6b342fafbce11f3a6ab82f1ea72f3ce19
-
C:\Program Files\backup.exeFilesize
72KB
MD5d4385f50b6c77189049522593921a0c0
SHA1ab4a7e5df637aa8eaa49d60a71f280fbccd957f7
SHA256ce613ae162489e993d1045799cb7aa1d955986e0084c70f255735a647ee6df00
SHA5123d92fbfd981afc1adfc48f20f31a4952171f9271a27e48318c07d16d2b853177d1ee3ee52de60f7267def926abc2f2c6b342fafbce11f3a6ab82f1ea72f3ce19
-
C:\Users\Admin\AppData\Local\Temp\54635183\backup.exeFilesize
72KB
MD50e9e318084dca32b6316be7776aac0af
SHA1b6113f9ddd51f56414a0858cbc8d407803d5b855
SHA2561db9257de77786c4953ec73c7a93356a342515db3337fa22848efcb1299ae8c2
SHA51212ff191d9c15492a163d0b2a4ee77ef1d8b127eeed37bda3612446939108c806db4942b07a109cf055d32821e153ebc1cb03c702e8309f56436a31f90e021e5f
-
C:\Users\Admin\AppData\Local\Temp\54635183\backup.exeFilesize
72KB
MD50e9e318084dca32b6316be7776aac0af
SHA1b6113f9ddd51f56414a0858cbc8d407803d5b855
SHA2561db9257de77786c4953ec73c7a93356a342515db3337fa22848efcb1299ae8c2
SHA51212ff191d9c15492a163d0b2a4ee77ef1d8b127eeed37bda3612446939108c806db4942b07a109cf055d32821e153ebc1cb03c702e8309f56436a31f90e021e5f
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD538de83eca045bc6aaff71dc7c30ffdc3
SHA1d649db2914122aa68c08d74d24423ab2bfdba77e
SHA2565d195edd0d415882c4f92d6ddd3813b6ab652dfdb9e5ae288f0a936088549987
SHA5125811447e262a8e038d504b3a38cf5009a4ee2759ea96a1f5a242364e7f2696e0e24d23b055936130acbd6b7031b06702bebf41b02bd89aff84ea881250bfdef2
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD538de83eca045bc6aaff71dc7c30ffdc3
SHA1d649db2914122aa68c08d74d24423ab2bfdba77e
SHA2565d195edd0d415882c4f92d6ddd3813b6ab652dfdb9e5ae288f0a936088549987
SHA5125811447e262a8e038d504b3a38cf5009a4ee2759ea96a1f5a242364e7f2696e0e24d23b055936130acbd6b7031b06702bebf41b02bd89aff84ea881250bfdef2
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD58fed347f7e98646ce375104df07a43ba
SHA157b950991934b8a687c64c4516e43f687e2b6901
SHA256deac0124149b56676b9c95340d99d5588265758582fd947531fc961bb49b9e14
SHA5128d1bf989a8306e2de526d4140b64b11363346ddf20d84a4a05df4f9dcfc2833b4a9ade45297baba58252efd6e372cd781cc928cdf0625ecb7d9a8ee2a209eb7c
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD58fed347f7e98646ce375104df07a43ba
SHA157b950991934b8a687c64c4516e43f687e2b6901
SHA256deac0124149b56676b9c95340d99d5588265758582fd947531fc961bb49b9e14
SHA5128d1bf989a8306e2de526d4140b64b11363346ddf20d84a4a05df4f9dcfc2833b4a9ade45297baba58252efd6e372cd781cc928cdf0625ecb7d9a8ee2a209eb7c
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5f90d0ca5018e0a6048c7260f5e8606f5
SHA17b3c1d5d3be5f23f2aa57f17daba98d5457172d9
SHA25660addf051ec3d1249ed4e80ea1a623db1829edae2da8654a0872f4314367ebab
SHA5124863d11142a5ea469ba228ba51be8e96bee4fa72cd2db89a9414fbe0fccadd9ed2bed569e03f408af6c89ec08eafb57bb9131f00f522baec0d2e98520b5ac7b9
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5f90d0ca5018e0a6048c7260f5e8606f5
SHA17b3c1d5d3be5f23f2aa57f17daba98d5457172d9
SHA25660addf051ec3d1249ed4e80ea1a623db1829edae2da8654a0872f4314367ebab
SHA5124863d11142a5ea469ba228ba51be8e96bee4fa72cd2db89a9414fbe0fccadd9ed2bed569e03f408af6c89ec08eafb57bb9131f00f522baec0d2e98520b5ac7b9
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeFilesize
72KB
MD5ed3829cb9b02f7317731337d7e0b2149
SHA1b40303de32a1ca33960c3bf1983ece3a13ae5638
SHA256bd6175560450345658c083cd9b5491ba22add9fee264b6755519292503e77cd2
SHA5121daf80bf16f662ae201e6a294eda54ff62fc26d8b434392a38f49c43d7da391b9fc864de9dea059183f51fe2c9d031aa98e177a9eeb1bdd65c3a5e74c5b2d378
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeFilesize
72KB
MD5ed3829cb9b02f7317731337d7e0b2149
SHA1b40303de32a1ca33960c3bf1983ece3a13ae5638
SHA256bd6175560450345658c083cd9b5491ba22add9fee264b6755519292503e77cd2
SHA5121daf80bf16f662ae201e6a294eda54ff62fc26d8b434392a38f49c43d7da391b9fc864de9dea059183f51fe2c9d031aa98e177a9eeb1bdd65c3a5e74c5b2d378
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exeFilesize
72KB
MD5ed3829cb9b02f7317731337d7e0b2149
SHA1b40303de32a1ca33960c3bf1983ece3a13ae5638
SHA256bd6175560450345658c083cd9b5491ba22add9fee264b6755519292503e77cd2
SHA5121daf80bf16f662ae201e6a294eda54ff62fc26d8b434392a38f49c43d7da391b9fc864de9dea059183f51fe2c9d031aa98e177a9eeb1bdd65c3a5e74c5b2d378
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\update.exeFilesize
72KB
MD5ed3829cb9b02f7317731337d7e0b2149
SHA1b40303de32a1ca33960c3bf1983ece3a13ae5638
SHA256bd6175560450345658c083cd9b5491ba22add9fee264b6755519292503e77cd2
SHA5121daf80bf16f662ae201e6a294eda54ff62fc26d8b434392a38f49c43d7da391b9fc864de9dea059183f51fe2c9d031aa98e177a9eeb1bdd65c3a5e74c5b2d378
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5f90d0ca5018e0a6048c7260f5e8606f5
SHA17b3c1d5d3be5f23f2aa57f17daba98d5457172d9
SHA25660addf051ec3d1249ed4e80ea1a623db1829edae2da8654a0872f4314367ebab
SHA5124863d11142a5ea469ba228ba51be8e96bee4fa72cd2db89a9414fbe0fccadd9ed2bed569e03f408af6c89ec08eafb57bb9131f00f522baec0d2e98520b5ac7b9
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5f90d0ca5018e0a6048c7260f5e8606f5
SHA17b3c1d5d3be5f23f2aa57f17daba98d5457172d9
SHA25660addf051ec3d1249ed4e80ea1a623db1829edae2da8654a0872f4314367ebab
SHA5124863d11142a5ea469ba228ba51be8e96bee4fa72cd2db89a9414fbe0fccadd9ed2bed569e03f408af6c89ec08eafb57bb9131f00f522baec0d2e98520b5ac7b9
-
C:\backup.exeFilesize
72KB
MD586915a6873743aabc605750858076763
SHA1be9e79d4ef51683015336d7eb5134f03eba6ee23
SHA256fa587225f55a2072761eae3502581a6c5b5ada3f9b295210a841020ca73ee802
SHA512716b1bf2b49594e086543071298e850c97c8799a334ef69a19c1dd9f3ab0584f08dc87cf6e348c7dd7dac7a264f3c177be3a07c962d6c21fcbb98d91d1948d9a
-
C:\backup.exeFilesize
72KB
MD586915a6873743aabc605750858076763
SHA1be9e79d4ef51683015336d7eb5134f03eba6ee23
SHA256fa587225f55a2072761eae3502581a6c5b5ada3f9b295210a841020ca73ee802
SHA512716b1bf2b49594e086543071298e850c97c8799a334ef69a19c1dd9f3ab0584f08dc87cf6e348c7dd7dac7a264f3c177be3a07c962d6c21fcbb98d91d1948d9a
-
C:\odt\backup.exeFilesize
72KB
MD5d41b8cf2d7ec350275b85c8b1aaf1f26
SHA1bf33fde753afdfff632cc73c6f65e7d5c2cb434e
SHA25694088e33bfbd304dd8ac6b82967c3ec680e6c32fb39d7096289e449e336e8ea7
SHA51222d49a07f49c0260bbe77cf969c3f94e2fcf226ceb5d852d121e0fb2a7af7bb550b94b3506de81891f9156a89113f1da63e11729415aa788c37bcf34b99b22f1
-
C:\odt\backup.exeFilesize
72KB
MD5d41b8cf2d7ec350275b85c8b1aaf1f26
SHA1bf33fde753afdfff632cc73c6f65e7d5c2cb434e
SHA25694088e33bfbd304dd8ac6b82967c3ec680e6c32fb39d7096289e449e336e8ea7
SHA51222d49a07f49c0260bbe77cf969c3f94e2fcf226ceb5d852d121e0fb2a7af7bb550b94b3506de81891f9156a89113f1da63e11729415aa788c37bcf34b99b22f1
-
memory/384-310-0x0000000000000000-mapping.dmp
-
memory/456-209-0x0000000000000000-mapping.dmp
-
memory/712-239-0x0000000000000000-mapping.dmp
-
memory/792-234-0x0000000000000000-mapping.dmp
-
memory/856-360-0x0000000000000000-mapping.dmp
-
memory/1144-328-0x0000000000000000-mapping.dmp
-
memory/1216-294-0x0000000000000000-mapping.dmp
-
memory/1288-164-0x0000000000000000-mapping.dmp
-
memory/1316-331-0x0000000000000000-mapping.dmp
-
memory/1328-264-0x0000000000000000-mapping.dmp
-
memory/1340-354-0x0000000000000000-mapping.dmp
-
memory/1412-279-0x0000000000000000-mapping.dmp
-
memory/1420-380-0x0000000000000000-mapping.dmp
-
memory/1420-214-0x0000000000000000-mapping.dmp
-
memory/1616-139-0x0000000000000000-mapping.dmp
-
memory/1740-259-0x0000000000000000-mapping.dmp
-
memory/1756-297-0x0000000000000000-mapping.dmp
-
memory/1772-134-0x0000000000000000-mapping.dmp
-
memory/1904-244-0x0000000000000000-mapping.dmp
-
memory/1908-159-0x0000000000000000-mapping.dmp
-
memory/1992-254-0x0000000000000000-mapping.dmp
-
memory/2200-269-0x0000000000000000-mapping.dmp
-
memory/2532-335-0x0000000000000000-mapping.dmp
-
memory/2636-154-0x0000000000000000-mapping.dmp
-
memory/2692-306-0x0000000000000000-mapping.dmp
-
memory/2884-249-0x0000000000000000-mapping.dmp
-
memory/2932-358-0x0000000000000000-mapping.dmp
-
memory/2980-204-0x0000000000000000-mapping.dmp
-
memory/3192-355-0x0000000000000000-mapping.dmp
-
memory/3208-224-0x0000000000000000-mapping.dmp
-
memory/3348-362-0x0000000000000000-mapping.dmp
-
memory/3364-187-0x0000000000000000-mapping.dmp
-
memory/3364-361-0x0000000000000000-mapping.dmp
-
memory/3380-329-0x0000000000000000-mapping.dmp
-
memory/3412-313-0x0000000000000000-mapping.dmp
-
memory/3456-178-0x0000000000000000-mapping.dmp
-
memory/3552-332-0x0000000000000000-mapping.dmp
-
memory/3640-382-0x0000000000000000-mapping.dmp
-
memory/3668-219-0x0000000000000000-mapping.dmp
-
memory/3688-330-0x0000000000000000-mapping.dmp
-
memory/3704-174-0x0000000000000000-mapping.dmp
-
memory/3740-383-0x0000000000000000-mapping.dmp
-
memory/3884-334-0x0000000000000000-mapping.dmp
-
memory/3892-327-0x0000000000000000-mapping.dmp
-
memory/3988-167-0x0000000000000000-mapping.dmp
-
memory/4008-284-0x0000000000000000-mapping.dmp
-
memory/4204-229-0x0000000000000000-mapping.dmp
-
memory/4240-303-0x0000000000000000-mapping.dmp
-
memory/4336-311-0x0000000000000000-mapping.dmp
-
memory/4384-194-0x0000000000000000-mapping.dmp
-
memory/4396-309-0x0000000000000000-mapping.dmp
-
memory/4524-144-0x0000000000000000-mapping.dmp
-
memory/4572-300-0x0000000000000000-mapping.dmp
-
memory/4640-199-0x0000000000000000-mapping.dmp
-
memory/4696-274-0x0000000000000000-mapping.dmp
-
memory/4756-357-0x0000000000000000-mapping.dmp
-
memory/4780-289-0x0000000000000000-mapping.dmp
-
memory/4788-314-0x0000000000000000-mapping.dmp
-
memory/4904-312-0x0000000000000000-mapping.dmp
-
memory/4980-359-0x0000000000000000-mapping.dmp
-
memory/4984-356-0x0000000000000000-mapping.dmp
-
memory/4988-184-0x0000000000000000-mapping.dmp
-
memory/5028-333-0x0000000000000000-mapping.dmp
-
memory/5048-145-0x0000000000000000-mapping.dmp