1edc85c5b13fc51268ff45b62c03a2aa539799500dfef62edfe13353f96b1403

Analysis

max time kernel
0s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51c389a4e213e4e2512227145415f44a.exe
Size

40KB
MD5

51c389a4e213e4e2512227145415f44a
SHA1

eebc4552594545e70db2c749fa1ebdd3f5dbec19
SHA256

1edc85c5b13fc51268ff45b62c03a2aa539799500dfef62edfe13353f96b1403
SHA512

3c5b7e20665746303f9ec7cbee38b3e4c62ed1009120e8322b879d4d8bf91311ec813549c13777aef090bbbb278bdc782261e39a0c18c41bae06a292b05c5c3b
SSDEEP

384:kqnuO1JCHYdHz4XpfHEI6/dDEPjaVC6fMbUyFm0tyXLBI89wvuAv1mwnA3Z3BXRt:kqnum1F6/789ujYTyLylze70wi3BEmes

Score

10^/10

evasion upx

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	51c389a4e213e4e2512227145415f44a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	backup.exe

Executes dropped EXE 3 IoCs

pid	Process
1704	backup.exe
1996	backup.exe
2604	backup.exe

Loads dropped DLL 8 IoCs

pid	Process
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe
2188	51c389a4e213e4e2512227145415f44a.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000013a21-5.dat	upx
behavioral1/memory/1996-25-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2484-87-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2188-79-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2620-76-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1700-121-0x0000000000500000-0x000000000051B000-memory.dmp	upx
behavioral1/memory/2100-189-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1700-201-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1196-239-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1052-254-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1728-291-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/548-315-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2580-368-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/580-392-0x00000000002A0000-0x00000000002BB000-memory.dmp	upx
behavioral1/memory/2344-415-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2672-424-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2072-510-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2308-544-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3004-565-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2268-587-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1880-707-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2440-702-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3060-696-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/936-686-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1348-678-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2008-670-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1084-662-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/580-647-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1784-638-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2928-603-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2816-596-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2816-594-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1712-578-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1712-576-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/3004-561-0x0000000000020000-0x000000000003B000-memory.dmp	upx
behavioral1/memory/3004-557-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1336-552-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/908-534-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/580-499-0x00000000002A0000-0x00000000002BB000-memory.dmp	upx
behavioral1/memory/1856-491-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/780-482-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1636-460-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1636-458-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1772-450-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2040-439-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1888-432-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2164-423-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2388-407-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2672-403-0x00000000004A0000-0x00000000004BB000-memory.dmp	upx
behavioral1/memory/2672-402-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1332-396-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1332-394-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2484-385-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2484-384-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2496-376-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2788-359-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2928-351-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1916-336-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/1916-335-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/580-334-0x00000000002A0000-0x00000000002BB000-memory.dmp	upx
behavioral1/memory/1604-327-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/548-320-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/880-308-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral1/memory/2840-301-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2188	51c389a4e213e4e2512227145415f44a.exe
1704	backup.exe
1996	backup.exe
2604	backup.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1704	2188	51c389a4e213e4e2512227145415f44a.exe	234
PID 2188 wrote to memory of 1704	2188	51c389a4e213e4e2512227145415f44a.exe	234
PID 2188 wrote to memory of 1704	2188	51c389a4e213e4e2512227145415f44a.exe	234
PID 2188 wrote to memory of 1704	2188	51c389a4e213e4e2512227145415f44a.exe	234
PID 2188 wrote to memory of 1996	2188	51c389a4e213e4e2512227145415f44a.exe	232
PID 2188 wrote to memory of 1996	2188	51c389a4e213e4e2512227145415f44a.exe	232
PID 2188 wrote to memory of 1996	2188	51c389a4e213e4e2512227145415f44a.exe	232
PID 2188 wrote to memory of 1996	2188	51c389a4e213e4e2512227145415f44a.exe	232
PID 2188 wrote to memory of 2604	2188	51c389a4e213e4e2512227145415f44a.exe	231
PID 2188 wrote to memory of 2604	2188	51c389a4e213e4e2512227145415f44a.exe	231
PID 2188 wrote to memory of 2604	2188	51c389a4e213e4e2512227145415f44a.exe	231
PID 2188 wrote to memory of 2604	2188	51c389a4e213e4e2512227145415f44a.exe	231

System policy modification 1 TTPs 6 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	51c389a4e213e4e2512227145415f44a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	51c389a4e213e4e2512227145415f44a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	backup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	backup.exe

C:\Users\Admin\AppData\Local\Temp\51c389a4e213e4e2512227145415f44a.exe
"C:\Users\Admin\AppData\Local\Temp\51c389a4e213e4e2512227145415f44a.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2188
- C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe
  C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
  C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
  2⤵
  PID:2600
- C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
  C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
  C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:1996
- C:\Users\Admin\AppData\Local\Temp\1281866025\backup.exe
  C:\Users\Admin\AppData\Local\Temp\1281866025\backup.exe C:\Users\Admin\AppData\Local\Temp\1281866025\
  2⤵
  - Modifies visibility of file extensions in Explorer
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - System policy modification
  PID:1704

C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\
1⤵
PID:1728

C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\data.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\
1⤵
PID:2672
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\
  2⤵
  PID:2580
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\
  2⤵
  PID:1332
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\
  2⤵
  PID:2164
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\
  2⤵
  PID:2344
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\
  2⤵
  PID:2388
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\
  2⤵
  PID:2484
- - C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\
    3⤵
    PID:2468
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\
  2⤵
  PID:2496
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\
  2⤵
  PID:2788
- C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe
  "C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\
  2⤵
  PID:2928

C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\
1⤵
PID:1828

C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\
1⤵
PID:1856

C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\
1⤵
PID:3032

C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\
1⤵
PID:2308

C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\
1⤵
PID:2652

C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\
1⤵
PID:1784

C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\
1⤵
PID:1880
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\
  2⤵
  PID:936
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\
  2⤵
  PID:2440
- - C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe
    "C:\Program Files\Common Files\SpeechEngines\Microsoft\update.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\
    3⤵
    PID:1964
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\
  2⤵
  PID:3060
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\
  2⤵
  PID:1348
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\
  2⤵
  PID:2008
- C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\
  2⤵
  PID:1084

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\
1⤵
PID:2236

C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\
1⤵
PID:2852

C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\
1⤵
PID:1712
- C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\update.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\update.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\
  2⤵
  PID:2508
- C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\
  2⤵
  PID:2076
- C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\
  2⤵
  PID:3052
- C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\
  2⤵
  PID:2516
- C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\
  2⤵
  PID:2756
- C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe
  "C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\
  2⤵
  PID:2648

C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\
1⤵
PID:1896

C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\
1⤵
PID:2016

C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\
1⤵
PID:2784

C:\Program Files\Common Files\Services\update.exe
"C:\Program Files\Common Files\Services\update.exe" C:\Program Files\Common Files\Services\
1⤵
PID:2556

C:\Program Files\Common Files\System\ado\en-US\backup.exe
"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\
1⤵
PID:1600

C:\Program Files\Common Files\System\de-DE\backup.exe
"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\
1⤵
PID:1172

C:\Program Files\Common Files\System\ado\ja-JP\backup.exe
"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\
1⤵
PID:2840

C:\Program Files\Common Files\System\en-US\backup.exe
"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\
1⤵
PID:2072

C:\Program Files\Common Files\System\fr-FR\backup.exe
"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\
1⤵
PID:2592

C:\Program Files\Common Files\System\ja-JP\backup.exe
"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\
1⤵
PID:2652

C:\Program Files\Common Files\System\msadc\backup.exe
"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\
1⤵
PID:2896
- C:\Program Files\Common Files\System\msadc\es-ES\backup.exe
  "C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\
  2⤵
  PID:1080
- C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe
  "C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\
  2⤵
  PID:2872
- C:\Program Files\Common Files\System\msadc\it-IT\backup.exe
  "C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\
  2⤵
  PID:1676
- C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe
  "C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\
  2⤵
  PID:1428
- C:\Program Files\Common Files\System\msadc\en-US\backup.exe
  "C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\
  2⤵
  PID:2060
- C:\Program Files\Common Files\System\msadc\de-DE\backup.exe
  "C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\
  2⤵
  PID:1660

C:\Program Files\Common Files\System\Ole DB\backup.exe
"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\
1⤵
PID:2088
- C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\
  2⤵
  PID:1628
- C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\
  2⤵
  PID:2116
- C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\
  2⤵
  PID:2412
- C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\
  2⤵
  PID:956
- C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\
  2⤵
  PID:640
- C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe
  "C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\
  2⤵
  PID:1524

C:\Program Files\DVD Maker\backup.exe
"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\
1⤵
PID:1248
- C:\Program Files\DVD Maker\en-US\backup.exe
  "C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\
  2⤵
  PID:2408
- C:\Program Files\DVD Maker\es-ES\backup.exe
  "C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\
  2⤵
  PID:2936
- C:\Program Files\DVD Maker\fr-FR\backup.exe
  "C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\
  2⤵
  PID:1612
- C:\Program Files\DVD Maker\Shared\backup.exe
  "C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\
  2⤵
  PID:2816
- - C:\Program Files\DVD Maker\Shared\DvdStyles\System Restore.exe
    "C:\Program Files\DVD Maker\Shared\DvdStyles\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\
    3⤵
    PID:2572
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\
      4⤵
      PID:2560
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\
      4⤵
      PID:2468
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\
      4⤵
      PID:2044
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\
      4⤵
      PID:2052
    - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\
        5⤵
        
        PID:2328
      - C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe
        
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\
        6⤵
        
        PID:2092
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\
      4⤵
      PID:2484
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\
      4⤵
      PID:2336
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\
      4⤵
      PID:2668
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\
      4⤵
      PID:3016
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\
      4⤵
      PID:2312
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\
      4⤵
      PID:2408
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\
      4⤵
      PID:3048
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\
      4⤵
      PID:1404
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\
      4⤵
      PID:3032
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\
      4⤵
      PID:1500
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\
      4⤵
      PID:1524
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\
      4⤵
      PID:1640
    - - C:\Program Files\7-Zip\Lang\backup.exe
        
        "C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\
        5⤵
        
        PID:2872
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\
      4⤵
      PID:308
    - - C:\PerfLogs\Admin\backup.exe
        
        C:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\
        5⤵
        
        PID:2016
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\
      4⤵
      PID:816
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\System Restore.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\
      4⤵
      PID:944
  - - C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe
      "C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\
      4⤵
      PID:2568
    - - C:\Program Files\Java\jdk1.7.0_80\jre\lib\System Restore.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\
        5⤵
        
        PID:1544
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\
        6⤵
        
        PID:2420
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\
        6⤵
        
        PID:2932
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\System Restore.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\
        6⤵
        
        PID:2520
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\
        6⤵
        
        PID:804
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\
        6⤵
        
        PID:2888
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\
        6⤵
        
        PID:2808
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\
        6⤵
        
        PID:1520
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\
        6⤵
        
        PID:328
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\
        6⤵
        
        PID:2296
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\
        6⤵
        
        PID:1680
      - C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\
        6⤵
        
        PID:2484
- C:\Program Files\DVD Maker\ja-JP\backup.exe
  "C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\
  2⤵
  PID:1652
- C:\Program Files\DVD Maker\it-IT\backup.exe
  "C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\
  2⤵
  PID:1136
- C:\Program Files\DVD Maker\de-DE\backup.exe
  "C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\
  2⤵
  PID:1076

C:\Program Files\Google\backup.exe
"C:\Program Files\Google\backup.exe" C:\Program Files\Google\
1⤵
PID:356
- C:\Program Files\Google\Chrome\backup.exe
  "C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\
  2⤵
  PID:2424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\
1⤵
PID:1820
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\update.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\System Restore.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\System Restore.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\
  2⤵
  PID:2448

C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe
"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\
1⤵
PID:760

C:\Program Files\Internet Explorer\backup.exe
"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
1⤵
PID:748
- C:\Program Files\Internet Explorer\es-ES\update.exe
  "C:\Program Files\Internet Explorer\es-ES\update.exe" C:\Program Files\Internet Explorer\es-ES\
  2⤵
  PID:2844
- C:\Program Files\Internet Explorer\images\backup.exe
  "C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\
  2⤵
  PID:1192
- C:\Program Files\Internet Explorer\ja-JP\update.exe
  "C:\Program Files\Internet Explorer\ja-JP\update.exe" C:\Program Files\Internet Explorer\ja-JP\
  2⤵
  PID:2996
- C:\Program Files\Internet Explorer\SIGNUP\backup.exe
  "C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
  2⤵
  PID:572
- C:\Program Files\Internet Explorer\it-IT\backup.exe
  "C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\
  2⤵
  PID:960
- C:\Program Files\Internet Explorer\fr-FR\backup.exe
  "C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\
  2⤵
  PID:1464
- C:\Program Files\Internet Explorer\en-US\backup.exe
  "C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
  2⤵
  PID:1500
- C:\Program Files\Internet Explorer\de-DE\backup.exe
  "C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\
  2⤵
  PID:2116

C:\Program Files\Java\backup.exe
"C:\Program Files\Java\backup.exe" C:\Program Files\Java\
1⤵
PID:2220
- C:\Program Files\Java\jdk1.7.0_80\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\
  2⤵
  PID:2268
- - C:\Program Files\Java\jdk1.7.0_80\include\backup.exe
    "C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\
    3⤵
    PID:2640
  - - C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe
      "C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\
      4⤵
      PID:3052
    - - C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\
        5⤵
        
        PID:2904
- - C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe
    "C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\
    3⤵
    PID:2568
  - - C:\Program Files\Java\jdk1.7.0_80\jre\bin\System Restore.exe
      "C:\Program Files\Java\jdk1.7.0_80\jre\bin\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\
      4⤵
      PID:2632
    - - C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\
        5⤵
        
        PID:2184
    - - C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\
        5⤵
        
        PID:1556
    - - C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe
        
        "C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\
        5⤵
        
        PID:2416
- - C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe
    "C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\
    3⤵
    PID:1696
- C:\Program Files\Java\jre7\backup.exe
  "C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\
  2⤵
  PID:2088
- - C:\Program Files\Java\jre7\bin\backup.exe
    "C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\
    3⤵
    PID:2028
  - - C:\Program Files\Java\jre7\bin\dtplugin\backup.exe
      "C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\
      4⤵
      PID:2924
  - - C:\Program Files\Java\jre7\bin\plugin2\backup.exe
      "C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\
      4⤵
      PID:2752
  - - C:\Program Files\Java\jre7\bin\server\backup.exe
      "C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\
      4⤵
      PID:1744
- - C:\Program Files\Java\jre7\lib\backup.exe
    "C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\
    3⤵
    PID:2892

C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\
1⤵
PID:2564

C:\Program Files\Java\jdk1.7.0_80\db\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\
1⤵
PID:2260
- C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\
  2⤵
  PID:2600
- C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe
  "C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\
  2⤵
  PID:2576

C:\Program Files\Google\Chrome\Application\backup.exe
"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\
1⤵
PID:2664

C:\Program Files (x86)\backup.exe
"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
1⤵
PID:2544
- C:\Program Files (x86)\Adobe\backup.exe
  "C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
  2⤵
  PID:1348
- - C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
    3⤵
    PID:2484
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\
      4⤵
      PID:336
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
      4⤵
      PID:1524
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\
        5⤵
        
        PID:380
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\
        5⤵
        
        PID:1020
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\
        5⤵
        
        PID:2928
  - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\
      4⤵
      PID:2648
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\
        5⤵
        
        PID:900
      - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\
        6⤵
        
        PID:1772
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\
        5⤵
        
        PID:2768
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\
        5⤵
        
        PID:2132
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\
        5⤵
        
        PID:2656
    - - C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe
        
        "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\
        5⤵
        
        PID:1804
- C:\Program Files (x86)\Common Files\backup.exe
  "C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\
  2⤵
  PID:2572
- C:\Program Files (x86)\Google\backup.exe
  "C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\
  2⤵
  PID:1284
- C:\Program Files (x86)\Internet Explorer\backup.exe
  "C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\
  2⤵
  PID:1628
- - C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe
    "C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\
    3⤵
    PID:1172
- - C:\Program Files (x86)\Internet Explorer\en-US\System Restore.exe
    "C:\Program Files (x86)\Internet Explorer\en-US\System Restore.exe" C:\Program Files (x86)\Internet Explorer\en-US\
    3⤵
    PID:2040
- - C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe
    "C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\
    3⤵
    PID:1068
- - C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe
    "C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\
    3⤵
    PID:2660
- - C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe
    "C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\
    3⤵
    PID:2776
- - C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe
    "C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\
    3⤵
    PID:2980
- - C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe
    "C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\
    3⤵
    PID:2804
- C:\Program Files (x86)\Microsoft Analysis Services\backup.exe
  "C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\
  2⤵
  PID:2760
- - C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe
    "C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\
    3⤵
    PID:2792
- C:\Program Files (x86)\Microsoft Office\backup.exe
  "C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe
  "C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft Sync Framework\backup.exe
  "C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe
  "C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe
  "C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft.NET\backup.exe
  "C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\
  2⤵
  PID:2316
- C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe
  "C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\
  2⤵
  PID:2088
- C:\Program Files (x86)\MSBuild\backup.exe
  "C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\
  2⤵
  PID:1972

C:\Program Files\Common Files\System\it-IT\backup.exe
"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\
1⤵
PID:2928

C:\Program Files\Common Files\System\es-ES\backup.exe
"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\
1⤵
PID:2908

C:\Program Files\Common Files\System\ado\it-IT\backup.exe
"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\
1⤵
PID:3048

C:\Program Files\Common Files\System\ado\fr-FR\backup.exe
"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\
1⤵
PID:908

C:\Program Files\Common Files\System\ado\es-ES\backup.exe
"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\
1⤵
PID:380

C:\Program Files\Common Files\System\ado\de-DE\data.exe
"C:\Program Files\Common Files\System\ado\de-DE\data.exe" C:\Program Files\Common Files\System\ado\de-DE\
1⤵
PID:2828

C:\Program Files\Common Files\System\ado\backup.exe
"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\
1⤵
PID:1768

C:\Program Files\Common Files\System\backup.exe
"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
1⤵
PID:2552

C:\Program Files\Common Files\SpeechEngines\backup.exe
"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\
1⤵
PID:2440

C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\
1⤵
PID:1420

C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\
1⤵
PID:1716

C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\
1⤵
PID:896

C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\
1⤵
PID:1764

C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\
1⤵
PID:2820

C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\
1⤵
PID:1076

C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\
1⤵
PID:380

C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\
1⤵
PID:3008

C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\
1⤵
PID:3032

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\
1⤵
PID:2412

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\
1⤵
PID:620

C:\Program Files\Microsoft Games\backup.exe
"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\
1⤵
PID:280
- C:\Program Files\Microsoft Games\Chess\backup.exe
  "C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\
  2⤵
  PID:2348
- - C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe
    "C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\
    3⤵
    PID:2736
- - C:\Program Files\Microsoft Games\Chess\en-US\System Restore.exe
    "C:\Program Files\Microsoft Games\Chess\en-US\System Restore.exe" C:\Program Files\Microsoft Games\Chess\en-US\
    3⤵
    PID:2164
- - C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe
    "C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\
    3⤵
    PID:1868
- - C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe
    "C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\
    3⤵
    PID:2968
- - C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe
    "C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\
    3⤵
    PID:2516
- - C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe
    "C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\
    3⤵
    PID:1808
- C:\Program Files\Microsoft Games\FreeCell\backup.exe
  "C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\
  2⤵
  PID:452
- C:\Program Files\Microsoft Games\Hearts\backup.exe
  "C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\
  2⤵
  PID:2692
- C:\Program Files\Microsoft Games\Mahjong\backup.exe
  "C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\
  2⤵
  PID:1640
- C:\Program Files\Microsoft Games\Minesweeper\data.exe
  "C:\Program Files\Microsoft Games\Minesweeper\data.exe" C:\Program Files\Microsoft Games\Minesweeper\
  2⤵
  PID:2764
- C:\Program Files\Microsoft Games\More Games\backup.exe
  "C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\
  2⤵
  PID:2520
- C:\Program Files\Microsoft Games\Multiplayer\backup.exe
  "C:\Program Files\Microsoft Games\Multiplayer\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\
  2⤵
  PID:2564
- C:\Program Files\Microsoft Games\Purble Place\backup.exe
  "C:\Program Files\Microsoft Games\Purble Place\backup.exe" C:\Program Files\Microsoft Games\Purble Place\
  2⤵
  PID:2636

C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\
1⤵
PID:2352

C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\
1⤵
PID:2792

C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\
1⤵
PID:2464

C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\
1⤵
PID:2928

C:\Users\backup.exe
C:\Users\backup.exe C:\Users\
1⤵
PID:2840

C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\
1⤵
PID:2816

C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\
1⤵
PID:2268

C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\
1⤵
PID:1712

C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\
1⤵
PID:2944

C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\
1⤵
PID:3004

C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\
1⤵
PID:1336

C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\
1⤵
PID:908

C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\
1⤵
PID:1248

C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\
1⤵
PID:1912

C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\
1⤵
PID:2072

C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\
1⤵
PID:780

C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\data.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\
1⤵
PID:1636

C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\
1⤵
PID:1772

C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\
1⤵
PID:2040

C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\
1⤵
PID:1888

C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\
1⤵
PID:1916

C:\Program Files\Microsoft Office\backup.exe
"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\
1⤵
PID:2592

C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\
1⤵
PID:1604

C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\
1⤵
PID:548

C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\
1⤵
PID:880

C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\
1⤵
PID:2840
- C:\Users\Admin\backup.exe
  C:\Users\Admin\backup.exe C:\Users\Admin\
  2⤵
  PID:1072
- - C:\Users\Admin\Contacts\backup.exe
    C:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\
    3⤵
    PID:2224
- - C:\Users\Admin\Desktop\backup.exe
    C:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\
    3⤵
    PID:2100
- - C:\Users\Admin\Documents\data.exe
    C:\Users\Admin\Documents\data.exe C:\Users\Admin\Documents\
    3⤵
    PID:2500
- - C:\Users\Admin\Downloads\backup.exe
    C:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\
    3⤵
    PID:1988
- - C:\Users\Admin\Favorites\backup.exe
    C:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\
    3⤵
    PID:2612
- - C:\Users\Admin\Links\backup.exe
    C:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\
    3⤵
    PID:1496
- - C:\Users\Admin\Music\backup.exe
    C:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\
    3⤵
    PID:2616
- - C:\Users\Admin\Pictures\backup.exe
    C:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\
    3⤵
    PID:324
- - C:\Users\Admin\Saved Games\backup.exe
    "C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\
    3⤵
    PID:2832
- C:\Users\Public\backup.exe
  C:\Users\Public\backup.exe C:\Users\Public\
  2⤵
  PID:2748

C:\Windows\backup.exe
C:\Windows\backup.exe C:\Windows\
1⤵
PID:2624

C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\
1⤵
PID:2304

C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\
1⤵
PID:1868

C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\
1⤵
PID:1376

C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\
1⤵
PID:1052

C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\
1⤵
PID:2204

C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\
1⤵
PID:580

C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\
1⤵
PID:1524
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\
  2⤵
  PID:3060
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\
    3⤵
    PID:1588
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\
  2⤵
  PID:2232
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\
  2⤵
  PID:1612
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\
    3⤵
    PID:2924
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\
  2⤵
  PID:764
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\
  2⤵
  PID:3032
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\update.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\
    3⤵
    PID:2304
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\
    3⤵
    PID:2700
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\
  2⤵
  PID:1280
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\
  2⤵
  PID:2652
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\
  2⤵
  PID:3016

C:\Program Files\Common Files\Microsoft Shared\System Restore.exe
"C:\Program Files\Common Files\Microsoft Shared\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\
1⤵
PID:2096

C:\Program Files\Common Files\backup.exe
"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\
1⤵
PID:2100

C:\Program Files\7-Zip\backup.exe
"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\
1⤵
PID:1640

C:\Program Files\data.exe
"C:\Program Files\data.exe" C:\Program Files\
1⤵
PID:1196
- C:\Program Files\Mozilla Firefox\backup.exe
  "C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\
  2⤵
  PID:816
- C:\Program Files\MSBuild\backup.exe
  "C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\
  2⤵
  PID:1464
- C:\Program Files\Reference Assemblies\backup.exe
  "C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\
  2⤵
  PID:2452
- C:\Program Files\VideoLAN\backup.exe
  "C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\
  2⤵
  PID:2568
- C:\Program Files\Windows Defender\backup.exe
  "C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\
  2⤵
  PID:2632
- C:\Program Files\Windows Journal\backup.exe
  "C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\
  2⤵
  PID:976
- C:\Program Files\Windows Mail\backup.exe
  "C:\Program Files\Windows Mail\backup.exe" C:\Program Files\Windows Mail\
  2⤵
  PID:2812
- C:\Program Files\Windows Media Player\backup.exe
  "C:\Program Files\Windows Media Player\backup.exe" C:\Program Files\Windows Media Player\
  2⤵
  PID:2472
- C:\Program Files\Windows NT\backup.exe
  "C:\Program Files\Windows NT\backup.exe" C:\Program Files\Windows NT\
  2⤵
  PID:2024

C:\PerfLogs\backup.exe
C:\PerfLogs\backup.exe C:\PerfLogs\
1⤵
PID:308

C:\backup.exe
\backup.exe \
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\System Restore.exe

Filesize
40KB

MD5
1b13e60f40641eb9ab2d993cdafd382c

SHA1
e3421a75a397c0fc6e1a553b446653a1a7e8b8de

SHA256
d34b4ed03be782588e9f544c8641ee8927b5aa3c262579163667db6d80352df9

SHA512
1afbe60d27c7c3ca68a49760df2cccde586ac3a9a91b78f4d69bdd7ecbf5792f8716e25e180e14b8d8017a62368e73c288eadeb368ffff8a02723c803896964e

Download Submit
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe

Filesize
40KB

MD5
db2190f32aef69bf9db2fe5dcc4aef84

SHA1
fed6b87420ef1c07ca863dad1247851ea93499b3

SHA256
ac56694fcee48cd82bfdd79acac14415ff4461d8b1b204683a6422b609fab68d

SHA512
c54435f88ae860c89e2e4b769542b4e21440e9266509cf7f69fa31fe58209302800a242fb2ee249071328de154385ebce5ca6e0b5fd47495c2b35fc008a847a3

Download Submit
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe

Filesize
40KB

MD5
55dcaef861bedbc4edbf52c2ebfeb30e

SHA1
bb02f1dbfe557612493ab46b203788080f0d3c59

SHA256
678789cc9bdd5a947105a1b2a6c91caeca05fccda5428c721a152ef85c530289

SHA512
e822ced39d5307d1be7f85413a254e60382e4bca459c7c14329bba8576f5f6c8b5ff6dab927073df8b9240776e617334578e438da05b3af6b71a4f5fa9e24171

Download Submit
C:\Program Files\Common Files\backup.exe

Filesize
40KB

MD5
387803d341217e9995ed40c5a2f0e157

SHA1
0eed7fcf1e0c6173e1e5d9642f7517434306df59

SHA256
54c1c16d10d548ade3933a4fce8c06c963e07b1adb73875447ec7b1baf315ba6

SHA512
07bebee60915e517f5d9ee737da40252b0b76cd90e6e984dac5ebc494cff00c39e751c7ddc08413271215ddf38dd6cc5e104824c951f3e07482ab75feeb96fb2

Download Submit
C:\Program Files\data.exe

Filesize
40KB

MD5
052d74465f190b2956b799da3f8fef67

SHA1
2361de8d197c69002ce0c84846176ad3f0f64f1b

SHA256
1ef0a57aec274bd004976fc1708106c06eb4eb098e7b99589116c92878388006

SHA512
e441f51d4b70ef733348f6652891f842728f8a8081321c0d76ae61d13c9693fb4e64f047797d857a04e27a9d1a4b6e2704ae4f564b89650d4701f413f98e603d

Download Submit
C:\backup.exe

Filesize
40KB

MD5
83dc756a3e544fb73e03ee1b144baeee

SHA1
4ff65e97bd14bb892862e69ba99824cf60dbee8b

SHA256
f074047e64f18025887e534558680badc982a4eb0aa42a1b725e2d49410171fc

SHA512
a2c8b96b9af87b4b45e3c570b9ebe547a2f25843e5628d597fc75104ba1a9b7ec23c3d0ce06814811ae3d1a6c21e42d026c5b1ed5d057c145df4b04ad58525f3

Download Submit
\Users\Admin\AppData\Local\Temp\1281866025\backup.exe

Filesize
40KB

MD5
be9d44e11fd5f01e76110868320db57d

SHA1
83f3a221e1c18b9839e54d741b64b61f5480325d

SHA256
a0eb6eada71e3ffa99e6ad8ddfda9cfbe36688f7edc4b5e4db7f754af3644a6b

SHA512
22058d1e19311cf4727718b8082f7f07046e9c4ffb60a69a050c0cfe8dd1784789b75e2e745611c52914a9d2a87675fa30626cad0df019be368b18e0e892ff62

Download Submit
memory/308-123-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/308-141-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/548-315-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/548-320-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/580-392-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-334-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-271-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-237-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/580-525-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-347-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-499-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-583-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-647-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/580-279-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-447-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-457-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/580-401-0x00000000002A0000-0x00000000002BB000-memory.dmp

Filesize
108KB

Download
memory/780-482-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/880-308-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/908-534-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/936-686-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1052-254-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1084-662-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1196-152-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1196-188-0x0000000000420000-0x000000000043B000-memory.dmp

Filesize
108KB

Download
memory/1196-239-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1332-394-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1332-396-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1336-552-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1348-678-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1376-263-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1524-218-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1604-327-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1636-460-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1636-458-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1640-184-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1700-201-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1700-121-0x0000000000500000-0x000000000051B000-memory.dmp

Filesize
108KB

Download
memory/1700-126-0x0000000000500000-0x000000000051B000-memory.dmp

Filesize
108KB

Download
memory/1704-199-0x0000000000360000-0x000000000037B000-memory.dmp

Filesize
108KB

Download
memory/1704-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1712-576-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1712-578-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1728-291-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1772-450-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1784-638-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1856-491-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1868-272-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1868-274-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1880-707-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1888-432-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1916-335-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1916-336-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1996-25-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1996-28-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2008-670-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2016-140-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2016-136-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2040-439-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2072-510-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2096-205-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2096-231-0x00000000002E0000-0x00000000002FB000-memory.dmp

Filesize
108KB

Download
memory/2096-297-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2100-270-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2100-203-0x0000000000290000-0x00000000002AB000-memory.dmp

Filesize
108KB

Download
memory/2100-189-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2164-423-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-110-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-93-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/2188-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-72-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-24-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-162-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-79-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-194-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/2188-48-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-149-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-39-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2188-60-0x00000000005E0000-0x00000000005FB000-memory.dmp

Filesize
108KB

Download
memory/2204-243-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2268-587-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2304-283-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2308-544-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2344-415-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2388-407-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2440-702-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2484-384-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2484-87-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2484-385-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2496-376-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2580-368-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2600-52-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2604-40-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2620-76-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-403-0x00000000004A0000-0x00000000004BB000-memory.dmp

Filesize
108KB

Download
memory/2672-383-0x00000000004A0000-0x00000000004BB000-memory.dmp

Filesize
108KB

Download
memory/2672-424-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-402-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2788-359-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2816-596-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2816-594-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2840-301-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2872-177-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2928-351-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2928-603-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3004-565-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3004-557-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3004-559-0x0000000000020000-0x000000000003B000-memory.dmp

Filesize
108KB

Download
memory/3004-561-0x0000000000020000-0x000000000003B000-memory.dmp

Filesize
108KB

Download
memory/3060-696-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads