3a21572b5d4ca5fb267b268e005956784d6aa00aad138c803aaa138dd9fa30c8

Analysis

max time kernel
2s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f74da5be738a2d6cbb7802ea1ff0069.exe
Size

72KB
MD5

1f74da5be738a2d6cbb7802ea1ff0069
SHA1

a3264e84d428d0cec495a8845a43a17526d198c6
SHA256

3a21572b5d4ca5fb267b268e005956784d6aa00aad138c803aaa138dd9fa30c8
SHA512

ed8b68caee32c112e7f0372ca8b0305f2e3e0fe81e7c227dbf516d06c1fd9058a699d9424afdccb6674b55de4327865ba7e6a45b0f990fd7ff5b86dfbab88768
SSDEEP

384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf25:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrl

Score

10^/10

evasion

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 7 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	update.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	data.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe

Disables RegEdit via registry modification 14 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	data.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	data.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	update.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	update.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe

Executes dropped EXE 7 IoCs

pid	Process
2900	backup.exe
1640	backup.exe
2860	backup.exe
2884	backup.exe
2828	update.exe
3056	backup.exe
2624	data.exe

Loads dropped DLL 16 IoCs

pid	Process
1692	1f74da5be738a2d6cbb7802ea1ff0069.exe
1692	1f74da5be738a2d6cbb7802ea1ff0069.exe
1692	1f74da5be738a2d6cbb7802ea1ff0069.exe
1692	1f74da5be738a2d6cbb7802ea1ff0069.exe
1692	backup.exe
1692	backup.exe
1692	backup.exe
1692	backup.exe
1692	backup.exe
2828	update.exe
2828	update.exe
2828	update.exe
1692	backup.exe
1692	backup.exe
1692	backup.exe
1692	backup.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1692	1f74da5be738a2d6cbb7802ea1ff0069.exe
2900	backup.exe
1640	backup.exe
2860	data.exe
2884	backup.exe
2828	update.exe
3056	backup.exe
2624	data.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2900	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	220
PID 1692 wrote to memory of 2900	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	220
PID 1692 wrote to memory of 2900	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	220
PID 1692 wrote to memory of 2900	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	220
PID 1692 wrote to memory of 1640	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	226
PID 1692 wrote to memory of 1640	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	226
PID 1692 wrote to memory of 1640	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	226
PID 1692 wrote to memory of 1640	1692	1f74da5be738a2d6cbb7802ea1ff0069.exe	226
PID 1692 wrote to memory of 2860	1692	backup.exe	218
PID 1692 wrote to memory of 2860	1692	backup.exe	218
PID 1692 wrote to memory of 2860	1692	backup.exe	218
PID 1692 wrote to memory of 2860	1692	backup.exe	218
PID 1692 wrote to memory of 2884	1692	backup.exe	28
PID 1692 wrote to memory of 2884	1692	backup.exe	28
PID 1692 wrote to memory of 2884	1692	backup.exe	28
PID 1692 wrote to memory of 2884	1692	backup.exe	28
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 2828	1692	backup.exe	29
PID 1692 wrote to memory of 3056	1692	backup.exe	308
PID 1692 wrote to memory of 3056	1692	backup.exe	308
PID 1692 wrote to memory of 3056	1692	backup.exe	308
PID 1692 wrote to memory of 3056	1692	backup.exe	308
PID 1692 wrote to memory of 2624	1692	backup.exe	301
PID 1692 wrote to memory of 2624	1692	backup.exe	301
PID 1692 wrote to memory of 2624	1692	backup.exe	301
PID 1692 wrote to memory of 2624	1692	backup.exe	301

System policy modification 1 TTPs 28 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	update.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	data.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	data.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	1f74da5be738a2d6cbb7802ea1ff0069.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	update.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	update.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	update.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	data.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	data.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	1f74da5be738a2d6cbb7802ea1ff0069.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	backup.exe

C:\Users\Admin\AppData\Local\Temp\1f74da5be738a2d6cbb7802ea1ff0069.exe
"C:\Users\Admin\AppData\Local\Temp\1f74da5be738a2d6cbb7802ea1ff0069.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1692
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:2884
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\update.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:2828
- C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
  C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
  2⤵
  PID:2624
- C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
  C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
  2⤵
  PID:3056
- C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
  C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
  C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
  2⤵
  PID:1640
- C:\Users\Admin\AppData\Local\Temp\3525688609\backup.exe
  C:\Users\Admin\AppData\Local\Temp\3525688609\backup.exe C:\Users\Admin\AppData\Local\Temp\3525688609\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:2900

C:\PerfLogs\Admin\backup.exe
C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
1⤵
PID:2868

C:\Program Files\7-Zip\Lang\backup.exe
"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
1⤵
PID:2196

C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
1⤵
PID:1732

C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
1⤵
PID:1984
- C:\Program Files (x86)\Common Files\microsoft shared\DAO\System Restore.exe
  "C:\Program Files (x86)\Common Files\microsoft shared\DAO\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\
  2⤵
  PID:2196

C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\update.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
1⤵
PID:1668
- C:\Program Files\Internet Explorer\de-DE\backup.exe
  "C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\
  2⤵
  PID:2332
- C:\Program Files\Internet Explorer\en-US\backup.exe
  "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
  2⤵
  PID:3036
- C:\Program Files\Internet Explorer\es-ES\update.exe
  "C:\Program Files\Internet Explorer\es-ES\update.exe" C:\Program Files\Internet Explorer\es-ES\
  2⤵
  PID:1996

C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
1⤵
PID:2504

C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
1⤵
PID:2332

C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
1⤵
PID:1788
- C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\System Restore.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\
  2⤵
  PID:1520
- - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\
    3⤵
    PID:2024
- - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\
    3⤵
    PID:1888
- - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\
    3⤵
    PID:1780
- C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\
  2⤵
  PID:2288

C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
1⤵
PID:1884

C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
1⤵
PID:1996

C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
1⤵
PID:640

C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
1⤵
PID:2208

C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
1⤵
PID:2400
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\
  2⤵
  PID:3048
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\
  2⤵
  PID:2124
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\
  2⤵
  PID:2104
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\
  2⤵
  PID:2816
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\
  2⤵
  PID:2724
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\
  2⤵
  PID:2776
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\
  2⤵
  PID:2132
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\
  2⤵
  PID:1588
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\
  2⤵
  PID:1544

C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
1⤵
PID:2432

C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\
1⤵
PID:2612

C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\
1⤵
PID:2684

C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\
1⤵
PID:3028

C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\data.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\
1⤵
PID:1932

C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\
1⤵
PID:1560

C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\
1⤵
PID:2544

C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\
1⤵
PID:1936

C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\
1⤵
PID:2728

C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\
1⤵
PID:1804

C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\
1⤵
PID:584
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\
  2⤵
  PID:672
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\
    3⤵
    PID:616

C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\
1⤵
PID:1660

C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\
1⤵
PID:616

C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\
1⤵
PID:1780

C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\
1⤵
PID:1496
- C:\Program Files\Common Files\System\ado\backup.exe
  "C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\
  2⤵
  PID:2476
- - C:\Program Files\Common Files\System\ado\de-DE\backup.exe
    "C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\
    3⤵
    PID:1160
- - C:\Program Files\Common Files\System\ado\en-US\backup.exe
    "C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\
    3⤵
    PID:2172
- - C:\Program Files\Common Files\System\ado\es-ES\backup.exe
    "C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\
    3⤵
    PID:1888
- - C:\Program Files\Common Files\System\ado\fr-FR\update.exe
    "C:\Program Files\Common Files\System\ado\fr-FR\update.exe" C:\Program Files\Common Files\System\ado\fr-FR\
    3⤵
    PID:400
- - C:\Program Files\Common Files\System\ado\it-IT\backup.exe
    "C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\
    3⤵
    PID:2424
- - C:\Program Files\Common Files\System\ado\ja-JP\backup.exe
    "C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\
    3⤵
    PID:1608
- C:\Program Files\Common Files\System\de-DE\data.exe
  "C:\Program Files\Common Files\System\de-DE\data.exe" C:\Program Files\Common Files\System\de-DE\
  2⤵
  PID:1944
- C:\Program Files\Common Files\System\en-US\backup.exe
  "C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\
  2⤵
  PID:2044
- C:\Program Files\Common Files\System\es-ES\backup.exe
  "C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\
  2⤵
  PID:2028
- C:\Program Files\Common Files\System\fr-FR\backup.exe
  "C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\
  2⤵
  PID:2004
- C:\Program Files\Common Files\System\it-IT\update.exe
  "C:\Program Files\Common Files\System\it-IT\update.exe" C:\Program Files\Common Files\System\it-IT\
  2⤵
  PID:688
- C:\Program Files\Common Files\System\ja-JP\backup.exe
  "C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\
  2⤵
  PID:536
- C:\Program Files\Common Files\System\msadc\backup.exe
  "C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\
  2⤵
  PID:2140
- - C:\Program Files\Common Files\System\msadc\de-DE\backup.exe
    "C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\
    3⤵
    PID:1344
- - C:\Program Files\Common Files\System\msadc\en-US\backup.exe
    "C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\
    3⤵
    PID:964
- - C:\Program Files\Common Files\System\msadc\es-ES\backup.exe
    "C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\
    3⤵
    PID:2124
- - C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe
    "C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\
    3⤵
    PID:2696
- - C:\Program Files\Common Files\System\msadc\it-IT\backup.exe
    "C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\
    3⤵
    PID:2764
- - C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe
    "C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\
    3⤵
    PID:2768

C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\
1⤵
PID:696

C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\
1⤵
PID:868

C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\
1⤵
PID:2020
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\
  2⤵
  PID:2436

C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\
1⤵
PID:1684

C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\
1⤵
PID:2436

C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\
1⤵
PID:1608

C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\
1⤵
PID:1944

C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\MSInfo\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
1⤵
PID:964
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\
  2⤵
  PID:2028
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\
  2⤵
  PID:2004
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\
  2⤵
  PID:688
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\
  2⤵
  PID:1752
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\data.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\
  2⤵
  PID:3040
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\
  2⤵
  PID:2316

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
1⤵
PID:2696
- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\
  2⤵
  PID:1620

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\
1⤵
PID:1628

C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\
1⤵
PID:2904

C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\
1⤵
PID:2720
- C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\
  2⤵
  PID:2796
- C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\
  2⤵
  PID:2940
- C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\
  2⤵
  PID:2620
- C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\
  2⤵
  PID:2752
- C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\
  2⤵
  PID:2432
- C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\
  2⤵
  PID:2612

C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\
1⤵
PID:2224

C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\
1⤵
PID:2676
- C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\
  2⤵
  PID:2728
- C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\
  2⤵
  PID:2448
- C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\
  2⤵
  PID:1932
- C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\
  2⤵
  PID:1560
- C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\
  2⤵
  PID:2672
- C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\
  2⤵
  PID:1828

C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\
1⤵
PID:1316
- C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\System Restore.exe
  "C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\
  2⤵
  PID:1064
- - C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe
    "C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\
    3⤵
    PID:2196

C:\Program Files\Common Files\SpeechEngines\backup.exe
"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
1⤵
PID:616
- C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe
  "C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\
  2⤵
  PID:1152

C:\Program Files\Common Files\System\backup.exe
"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
1⤵
PID:1496
- C:\Program Files\Common Files\System\Ole DB\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\
  2⤵
  PID:2896
- - C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\
    3⤵
    PID:2808
- - C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\
    3⤵
    PID:3012
- - C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\
    3⤵
    PID:2788
- - C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\
    3⤵
    PID:3056
- - C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\
    3⤵
    PID:1756
- - C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe
    "C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\
    3⤵
    PID:2844

C:\Program Files\Common Files\Services\backup.exe
"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\
1⤵
PID:488

C:\Program Files\DVD Maker\backup.exe
"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
1⤵
PID:2592
- C:\Program Files\DVD Maker\de-DE\backup.exe
  "C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\
  2⤵
  PID:3060
- C:\Program Files\DVD Maker\en-US\backup.exe
  "C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\
  2⤵
  PID:1060
- C:\Program Files\DVD Maker\es-ES\backup.exe
  "C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\
  2⤵
  PID:1616
- C:\Program Files\DVD Maker\ja-JP\backup.exe
  "C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\
  2⤵
  PID:2164
- C:\Program Files\DVD Maker\Shared\System Restore.exe
  "C:\Program Files\DVD Maker\Shared\System Restore.exe" C:\Program Files\DVD Maker\Shared\
  2⤵
  PID:2536
- - C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe
    "C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\
    3⤵
    PID:1652
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\
      4⤵
      PID:608
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\
      4⤵
      PID:1248
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\
      4⤵
      PID:2196
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\
      4⤵
      PID:672
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\
      4⤵
      PID:1400
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\
      4⤵
      PID:616
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\update.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\
      4⤵
      PID:2396
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\
      4⤵
      PID:2224
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\
      4⤵
      PID:1160
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\
      4⤵
      PID:2172
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\
      4⤵
      PID:1888
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\
      4⤵
      PID:1412
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\
      4⤵
      PID:2444
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\
      4⤵
      PID:696
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\
      4⤵
      PID:1944
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\
      4⤵
      PID:2044
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\
      4⤵
      PID:2168
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\
      4⤵
      PID:3000
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\
      4⤵
      PID:2184
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\
      4⤵
      PID:1612
- C:\Program Files\DVD Maker\it-IT\update.exe
  "C:\Program Files\DVD Maker\it-IT\update.exe" C:\Program Files\DVD Maker\it-IT\
  2⤵
  PID:2236
- C:\Program Files\DVD Maker\fr-FR\data.exe
  "C:\Program Files\DVD Maker\fr-FR\data.exe" C:\Program Files\DVD Maker\fr-FR\
  2⤵
  PID:2916

C:\Program Files (x86)\backup.exe
"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
1⤵
PID:2004
- C:\Program Files (x86)\Adobe\backup.exe
  "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
  2⤵
  PID:892
- - C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
    3⤵
    PID:2932
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\
      4⤵
      PID:2696
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\
        5⤵
        
        PID:2664
      - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\
        6⤵
        
        PID:2868
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\
        5⤵
        
        PID:2304
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\
        5⤵
        
        PID:616
      - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\data.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\
        6⤵
        
        PID:1412
      - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\
        6⤵
        
        PID:1312
        
        C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\
        7⤵
        
        PID:1588
        
        C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\
        8⤵
        
        PID:3056
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\
        5⤵
        
        PID:2728
      - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\
        6⤵
        
        PID:1788
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\data.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\
        5⤵
        Modifies visibility of file extensions in Explorer
        Disables RegEdit via registry modification
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        System policy modification
        
        PID:2624
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\
      4⤵
      PID:2816
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\
        5⤵
        
        PID:2928
- C:\Program Files (x86)\Common Files\backup.exe
  "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
  2⤵
  PID:2128
- - C:\Program Files (x86)\Common Files\Adobe\backup.exe
    "C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\
    3⤵
    PID:2724
  - - C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe
      "C:\Program Files (x86)\Common Files\Adobe\Acrobat\update.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\
      4⤵
      PID:2996
  - - C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe
      "C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\
      4⤵
      PID:1704
    - - C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\
        5⤵
        
        PID:2404
      - C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\
        6⤵
        
        PID:1344
        
        C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\
        7⤵
        
        PID:2848
  - - C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe
      "C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\
      4⤵
      PID:2668
- - C:\Program Files (x86)\Common Files\microsoft shared\backup.exe
    "C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\
    3⤵
    PID:1984
  - - C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\
      4⤵
      PID:2992
  - - C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\
      4⤵
      PID:1612
    - - C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe
        
        "C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\
        5⤵
        
        PID:2320
  - - C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\
      4⤵
      PID:628
  - - C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\
      4⤵
      PID:3036
  - - C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\
      4⤵
      PID:2304
  - - C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\
      4⤵
      PID:1644
  - - C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\
      4⤵
      PID:2736
  - - C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\
      4⤵
      PID:1292
  - - C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\
      4⤵
      PID:1400
  - - C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\
      4⤵
      PID:536
  - - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe
      "C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\
      4⤵
      PID:3048
- - C:\Program Files (x86)\Common Files\DESIGNER\backup.exe
    "C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\
    3⤵
    PID:2876
- - C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe
    "C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\
    3⤵
    PID:1208
- - C:\Program Files (x86)\Common Files\Services\backup.exe
    "C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\
    3⤵
    PID:868
- - C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe
    "C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\
    3⤵
    PID:1812
- - C:\Program Files (x86)\Common Files\System\backup.exe
    "C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\
    3⤵
    PID:2236
- C:\Program Files (x86)\Google\backup.exe
  "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
  2⤵
  PID:3024
- - C:\Program Files (x86)\Google\CrashReports\backup.exe
    "C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\
    3⤵
    PID:2896
- - C:\Program Files (x86)\Google\Temp\backup.exe
    "C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\
    3⤵
    PID:1804
- - C:\Program Files (x86)\Google\Update\backup.exe
    "C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\
    3⤵
    PID:2972
  - - C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe
      "C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\
      4⤵
      PID:1012
  - - C:\Program Files (x86)\Google\Update\Download\backup.exe
      "C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1692
  - - C:\Program Files (x86)\Google\Update\Install\backup.exe
      "C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\
      4⤵
      PID:2700
  - - C:\Program Files (x86)\Google\Update\Offline\backup.exe
      "C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\
      4⤵
      PID:1728
- C:\Program Files (x86)\Internet Explorer\backup.exe
  "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft Analysis Services\backup.exe
  "C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft Office\backup.exe
  "C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe
  "C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft Sync Framework\backup.exe
  "C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe
  "C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe
  "C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft.NET\backup.exe
  "C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\
  2⤵
  PID:2876
- C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe
  "C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\
  2⤵
  PID:880

C:\Program Files\Google\backup.exe
"C:\Program Files\Google\backup.exe" C:\Program Files\Google\
1⤵
PID:1628
- C:\Program Files\Google\Chrome\backup.exe
  "C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\
  2⤵
  PID:2760
- - C:\Program Files\Google\Chrome\Application\backup.exe
    "C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\
    3⤵
    PID:1776
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\
      4⤵
      PID:2732
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\
        5⤵
        
        PID:2656
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\update.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\
        5⤵
        
        PID:3060
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\
        5⤵
        
        PID:584
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\
        5⤵
        
        PID:1988
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\update.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\
        5⤵
        
        PID:2284
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\
        5⤵
        
        PID:2704
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\
        5⤵
        
        PID:948
      - C:\Program Files\Common Files\Microsoft Shared\backup.exe
        
        "C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\
        6⤵
        
        PID:1272
  - - C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe
      "C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\
      4⤵
      PID:2224

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
1⤵
PID:1724
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\
  2⤵
  PID:2668
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\
  2⤵
  PID:2524
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\data.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\
  2⤵
  PID:2268
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\
  2⤵
  PID:1616
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\
  2⤵
  PID:2236
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\
    3⤵
    PID:1740
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\
  2⤵
  PID:808
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\
    3⤵
    PID:868
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\
      4⤵
      PID:2020
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\
    3⤵
    PID:748
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\
    3⤵
    PID:2416
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\update.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\
    3⤵
    PID:3040
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\
      4⤵
      PID:2844
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\
  2⤵
  PID:852
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\
  2⤵
  PID:2100
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:1640
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\
    3⤵
    PID:2736
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\
  2⤵
  PID:2912
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\
  2⤵
  PID:776

C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\
1⤵
PID:2356

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\
1⤵
PID:2872

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\
1⤵
PID:2964

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\
1⤵
PID:2008

C:\Program Files\Internet Explorer\backup.exe
"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
1⤵
PID:1668
- C:\Program Files\Internet Explorer\fr-FR\backup.exe
  "C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\
  2⤵
  PID:1328
- C:\Program Files\Internet Explorer\images\backup.exe
  "C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\
  2⤵
  PID:2776
- C:\Program Files\Internet Explorer\ja-JP\backup.exe
  "C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\
  2⤵
  PID:1164
- C:\Program Files\Internet Explorer\SIGNUP\backup.exe
  "C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
  2⤵
  PID:2332
- C:\Program Files\Internet Explorer\it-IT\backup.exe
  "C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\
  2⤵
  PID:864

C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\
1⤵
PID:1652

C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\
1⤵
PID:848

C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\
1⤵
PID:2196

C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\
1⤵
PID:1972

C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
1⤵
PID:2956

C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
1⤵
PID:1340

C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\
1⤵
PID:1516

C:\Program Files\Common Files\backup.exe
"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
1⤵
PID:948

C:\Program Files\7-Zip\System Restore.exe
"C:\Program Files\7-Zip\System Restore.exe" C:\Program Files\7-Zip\
1⤵
PID:1288

C:\Program Files\backup.exe
"C:\Program Files\backup.exe" C:\Program Files\
1⤵
PID:2540
- C:\Program Files\Java\backup.exe
  "C:\Program Files\Java\backup.exe" C:\Program Files\Java\
  2⤵
  PID:2316
- - C:\Program Files\Java\jdk1.7.0_80\backup.exe
    "C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\
    3⤵
    PID:2888
  - - C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\
      4⤵
      PID:2500
  - - C:\Program Files\Java\jdk1.7.0_80\db\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\
      4⤵
      PID:1700
    - - C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\
        5⤵
        
        PID:2368
    - - C:\Program Files\Java\jdk1.7.0_80\db\lib\data.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\db\lib\data.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\
        5⤵
        
        PID:2640
  - - C:\Program Files\Java\jdk1.7.0_80\include\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\
      4⤵
      PID:2232
    - - C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\
        5⤵
        
        PID:2952
      - C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\
        6⤵
        
        PID:2112
  - - C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\
      4⤵
      PID:2688
  - - C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\
      4⤵
      PID:1124
    - - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\
        5⤵
        
        PID:1364
      - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\update.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\
        6⤵
        
        PID:1944
        
        C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\
        7⤵
        
        PID:2992
        
        C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\
        7⤵
        
        PID:1968
      - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\
        6⤵
        
        PID:1756
      - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\
        6⤵
        
        PID:1848
      - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\
        6⤵
        
        PID:2008
      - C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\
        6⤵
        
        PID:1092
    - - C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\
        5⤵
        
        PID:344
      - C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\
        6⤵
        
        PID:1576
      - C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\
        6⤵
        
        PID:2052
      - C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\
        6⤵
        
        PID:2316
- - C:\Program Files\Java\jre7\backup.exe
    "C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\
    3⤵
    PID:2548
  - - C:\Program Files\Java\jre7\bin\backup.exe
      "C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\
      4⤵
      PID:2000
    - - C:\Program Files\Java\jre7\bin\dtplugin\backup.exe
        
        "C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\
        5⤵
        
        PID:2560
    - - C:\Program Files\Java\jre7\bin\plugin2\backup.exe
        
        "C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\
        5⤵
        
        PID:2880
    - - C:\Program Files\Java\jre7\bin\server\backup.exe
        
        "C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\
        5⤵
        
        PID:964
  - - C:\Program Files\Java\jre7\lib\backup.exe
      "C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\
      4⤵
      PID:2804
- C:\Program Files\Microsoft Games\backup.exe
  "C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\
  2⤵
  PID:2820
- - C:\Program Files\Microsoft Games\Chess\backup.exe
    "C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\
    3⤵
    PID:2072
  - - C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe
      "C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\
      4⤵
      PID:2552
  - - C:\Program Files\Microsoft Games\Chess\en-US\backup.exe
      "C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\
      4⤵
      PID:2876
  - - C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe
      "C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\
      4⤵
      PID:2764
  - - C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe
      "C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\
      4⤵
      PID:1768
  - - C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe
      "C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\
      4⤵
      PID:1164
  - - C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe
      "C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\
      4⤵
      PID:2364
- - C:\Program Files\Microsoft Games\FreeCell\backup.exe
    "C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\
    3⤵
    PID:2132
- - C:\Program Files\Microsoft Games\Hearts\backup.exe
    "C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\
    3⤵
    PID:1620
- - C:\Program Files\Microsoft Games\Mahjong\backup.exe
    "C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\
    3⤵
    PID:2012
- - C:\Program Files\Microsoft Games\Minesweeper\backup.exe
    "C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\
    3⤵
    PID:2096
- - C:\Program Files\Microsoft Games\More Games\backup.exe
    "C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\
    3⤵
    PID:2272
- - C:\Program Files\Microsoft Games\Multiplayer\backup.exe
    "C:\Program Files\Microsoft Games\Multiplayer\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\
    3⤵
    PID:388
- - C:\Program Files\Microsoft Games\Purble Place\backup.exe
    "C:\Program Files\Microsoft Games\Purble Place\backup.exe" C:\Program Files\Microsoft Games\Purble Place\
    3⤵
    PID:1356
- - C:\Program Files\Microsoft Games\Solitaire\backup.exe
    "C:\Program Files\Microsoft Games\Solitaire\backup.exe" C:\Program Files\Microsoft Games\Solitaire\
    3⤵
    PID:3040
- C:\Program Files\Microsoft Office\backup.exe
  "C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\
  2⤵
  PID:2592
- - C:\Program Files\Microsoft Office\Office14\backup.exe
    "C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\
    3⤵
    PID:1616
- C:\Program Files\Mozilla Firefox\backup.exe
  "C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\
  2⤵
  PID:2596
- C:\Program Files\MSBuild\backup.exe
  "C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\
  2⤵
  PID:1536
- C:\Program Files\Reference Assemblies\backup.exe
  "C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\
  2⤵
  PID:2756
- C:\Program Files\VideoLAN\backup.exe
  "C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\
  2⤵
  PID:2680
- C:\Program Files\Windows Defender\backup.exe
  "C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\
  2⤵
  PID:1736
- C:\Program Files\Windows Journal\backup.exe
  "C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\
  2⤵
  PID:2152
- C:\Program Files\Windows Mail\backup.exe
  "C:\Program Files\Windows Mail\backup.exe" C:\Program Files\Windows Mail\
  2⤵
  PID:3020
- C:\Program Files\Windows Media Player\backup.exe
  "C:\Program Files\Windows Media Player\backup.exe" C:\Program Files\Windows Media Player\
  2⤵
  PID:2664

C:\PerfLogs\System Restore.exe
"C:\PerfLogs\System Restore.exe" C:\PerfLogs\
1⤵
PID:2228

C:\backup.exe
\backup.exe \
1⤵
PID:2660
- C:\Users\backup.exe
  C:\Users\backup.exe C:\Users\
  2⤵
  PID:1620
- - C:\Users\Admin\backup.exe
    C:\Users\Admin\backup.exe C:\Users\Admin\
    3⤵
    PID:2700
  - - C:\Users\Admin\Contacts\backup.exe
      C:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\
      4⤵
      PID:1496
  - - C:\Users\Admin\Desktop\backup.exe
      C:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\
      4⤵
      PID:1848
  - - C:\Users\Admin\Downloads\backup.exe
      C:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\
      4⤵
      PID:388
  - - C:\Users\Admin\Favorites\backup.exe
      C:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\
      4⤵
      PID:2380
  - - C:\Users\Admin\Links\backup.exe
      C:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\
      4⤵
      PID:2420
  - - C:\Users\Admin\Music\backup.exe
      C:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\
      4⤵
      PID:2020
  - - C:\Users\Admin\Pictures\backup.exe
      C:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\
      4⤵
      PID:2992
  - - C:\Users\Admin\Saved Games\backup.exe
      "C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\
      4⤵
      PID:1544
  - - C:\Users\Admin\Searches\backup.exe
      C:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\
      4⤵
      PID:2364
  - - C:\Users\Admin\Videos\backup.exe
      C:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\
      4⤵
      PID:2752
  - - C:\Users\Admin\Documents\data.exe
      C:\Users\Admin\Documents\data.exe C:\Users\Admin\Documents\
      4⤵
      PID:2916
- - C:\Users\Public\backup.exe
    C:\Users\Public\backup.exe C:\Users\Public\
    3⤵
    PID:3028
  - - C:\Users\Public\Documents\backup.exe
      C:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\
      4⤵
      PID:2676
  - - C:\Users\Public\Downloads\backup.exe
      C:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\
      4⤵
      PID:488
  - - C:\Users\Public\Music\backup.exe
      C:\Users\Public\Music\backup.exe C:\Users\Public\Music\
      4⤵
      PID:1064
    - - C:\Users\Public\Music\Sample Music\backup.exe
        
        "C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\
        5⤵
        
        PID:1724
  - - C:\Users\Public\Pictures\backup.exe
      C:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\
      4⤵
      PID:868
    - - C:\Users\Public\Pictures\Sample Pictures\backup.exe
        
        "C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\
        5⤵
        
        PID:1576
  - - C:\Users\Public\Recorded TV\backup.exe
      "C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\
      4⤵
      PID:536
    - - C:\Users\Public\Recorded TV\Sample Media\backup.exe
        
        "C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\
        5⤵
        
        PID:1328
  - - C:\Users\Public\Videos\backup.exe
      C:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\
      4⤵
      PID:2608
    - - C:\Users\Public\Videos\Sample Videos\backup.exe
        
        "C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\
        5⤵
        
        PID:2268
- C:\Windows\backup.exe
  C:\Windows\backup.exe C:\Windows\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:3056
- - C:\Windows\addins\backup.exe
    C:\Windows\addins\backup.exe C:\Windows\addins\
    3⤵
    PID:2856
- - C:\Windows\AppCompat\backup.exe
    C:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\
    3⤵
    PID:1500
- - C:\Windows\AppPatch\backup.exe
    C:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\
    3⤵
    PID:2500
  - - C:\Windows\AppPatch\AppPatch64\update.exe
      C:\Windows\AppPatch\AppPatch64\update.exe C:\Windows\AppPatch\AppPatch64\
      4⤵
      PID:2480
  - - C:\Windows\AppPatch\Custom\backup.exe
      C:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\
      4⤵
      PID:1700
  - - C:\Windows\AppPatch\de-DE\backup.exe
      C:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\
      4⤵
      PID:2228
  - - C:\Windows\AppPatch\en-US\backup.exe
      C:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\
      4⤵
      PID:2960
  - - C:\Windows\AppPatch\es-ES\backup.exe
      C:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\
      4⤵
      PID:2324
  - - C:\Windows\AppPatch\fr-FR\backup.exe
      C:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\
      4⤵
      PID:2404
  - - C:\Windows\AppPatch\it-IT\backup.exe
      C:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\
      4⤵
      PID:1820
  - - C:\Windows\AppPatch\ja-JP\backup.exe
      C:\Windows\AppPatch\ja-JP\backup.exe C:\Windows\AppPatch\ja-JP\
      4⤵
      PID:2200
- - C:\Windows\assembly\backup.exe
    C:\Windows\assembly\backup.exe C:\Windows\assembly\
    3⤵
    PID:2800
- - C:\Windows\Branding\backup.exe
    C:\Windows\Branding\backup.exe C:\Windows\Branding\
    3⤵
    PID:3016
- - C:\Windows\CSC\backup.exe
    C:\Windows\CSC\backup.exe C:\Windows\CSC\
    3⤵
    PID:2560
- - C:\Windows\Cursors\backup.exe
    C:\Windows\Cursors\backup.exe C:\Windows\Cursors\
    3⤵
    PID:2208
- - C:\Windows\debug\backup.exe
    C:\Windows\debug\backup.exe C:\Windows\debug\
    3⤵
    PID:760
- - C:\Windows\de-DE\backup.exe
    C:\Windows\de-DE\backup.exe C:\Windows\de-DE\
    3⤵
    PID:556
- - C:\Windows\DigitalLocker\System Restore.exe
    "C:\Windows\DigitalLocker\System Restore.exe" C:\Windows\DigitalLocker\
    3⤵
    PID:2600
- - C:\Windows\Downloaded Program Files\backup.exe
    "C:\Windows\Downloaded Program Files\backup.exe" C:\Windows\Downloaded Program Files\
    3⤵
    PID:2148

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe
"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\
1⤵
PID:2560
- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe
  "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\
  2⤵
  PID:324

C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\
1⤵
PID:1832

C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\
1⤵
PID:1988

C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\
1⤵
PID:556

C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\
1⤵
PID:1048
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\System Restore.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\
  2⤵
  PID:3036
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\
  2⤵
  PID:1516
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\
  2⤵
  PID:2284
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\
  2⤵
  PID:1152
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\
  2⤵
  PID:756
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\
  2⤵
  PID:932
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\
  2⤵
  PID:2944
- - C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe
    "C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\
    3⤵
    PID:2120
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\
  2⤵
  PID:1828
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\data.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2860
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\data.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\
  2⤵
  PID:2924
- C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\
  2⤵
  PID:1824

C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\backup.exe

Filesize
72KB

MD5
d3f78b6284b3958b50fce1ffa650f153

SHA1
a0171930c09ef4222a15409994c5bc98ff36078e

SHA256
5fab66f7f0b14d48368a25ad0f9a60b7941be45a8a32a4176d0c9bfdea2311c0

SHA512
4bfacb045b039bec6fa973e6dfe356b5c4164575c327de93ddced9763467fc8e527f762210c9f9811a31a7b0fce0a2360837d0ef72af63e947fc0ff531c09a4d

Download Submit
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe

Filesize
72KB

MD5
1d023074c6ad03d7b8072ff1f6c34528

SHA1
2a08bf3b03a7d840ed2b7e1e18f676bb911980f9

SHA256
4df0ebeaafd5853e19783971909bcc329973caa2c6d448df7a75cd4c9eab0bd9

SHA512
d3d87f52d86a63c468b4319a58004b337e2d50733212452dc1408e27e78f1b8da7eabe0de792ec2adb892da336e27f066a35bf4369dd9ff2ee291a7ca8297ed1

Download Submit
C:\Program Files\Common Files\backup.exe

Filesize
72KB

MD5
2bc2ef31b90b920eaba510432469c36c

SHA1
56cb39921a9ab41794cffbae90639c8dc8b5667f

SHA256
8d7717d3f7b06101ab2c657f5061ed1c86d6438dad23ee21ad889ad9c52bc841

SHA512
147d31b81b4df2894772cc70118563f710e4ec1ca88994809f6a927a620d7b553026cbc2645c5ebb9e50738f591add799187dd243d6c7a06430f964977798ff6

Download Submit
C:\Program Files\backup.exe

Filesize
72KB

MD5
fe13cb91da68133c4498c7aee1cfd063

SHA1
dd34b071954e275843d4fe5da28bd54d1f8b8aab

SHA256
e27a93968b22a6d57246bb0c73ea5ed52b3a048a988bb443dfae49b76da1920f

SHA512
5046eb9ede02e6dea0f3d20dfe17bdec6bd09b27d7143820e732abe63ceb35161c28d3b8471b897c603b76e8cb0bb47183ca0ef527a29e238383d351d39db284

Download Submit
C:\Users\Admin\AppData\Local\Temp\3525688609\backup.exe

Filesize
72KB

MD5
116d74f57e642152701bac9196bf6e80

SHA1
1992ca51da6160a2ef1dc172ea1c9abaf0ae44e6

SHA256
f740cb2f63e90c1f69aa08d47fae179036750afb7b86ce3fa22ee331d04e04d0

SHA512
d411450d3221aaa054985320d175b881969b3f44cc1eea1e6240a53dba281597df998a20fe46ee0f85feca886ff4bb4ab05bac76351185cf7edf9a08c0ebcf97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
72KB

MD5
5d078d566849d216a89aef7296d9903e

SHA1
2d08fa0a4fd57108933c2c3bab58aaca8e202263

SHA256
9808049d86380076f8a3aee5a4e5e58ea5517965454aeca0a56eb4266500b8d4

SHA512
44ec906c1d365efabea43e17f9f694e94a837c4d165f92975df2d812856a13422b828e738bcc39b605d9c6ce1ccf84663951135a8f059f447074a167648f6a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe

Filesize
72KB

MD5
3f2412939ce88dd0b29f2ef182f4b5dd

SHA1
fd3269eec998d4d79973c22dac18a55b2c01feb0

SHA256
c069d88f3c2e7919443310eed4573b10dbf08df0adfbfedf7b3b8463dbef8fce

SHA512
c6b1b004cf0779638ed916b0711b4cdf3f9a64fcc6f5524815a813ba0087bbd536c7a8f51b664dfb9cd435c457bfee8d58715b7d8bf6ee93e1196f2fb6aa834a

Download Submit
memory/1692-122-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads