Analysis
-
max time kernel
151s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 17:07
General
-
Target
1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe
-
Size
72KB
-
MD5
05a67ee4b686016eff13ec74c30a5f25
-
SHA1
2070eb5b4b241be40625884f22097644204b4285
-
SHA256
1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373
-
SHA512
9e3f45baa00aca533d6432c8c0acb1a25c63ad9f71c22abe235dafd830c5f86e16f9fbfaea18e97c7899b16230b5b75feaff2c326f7c587aa48c33e2fe8d59c7
-
SSDEEP
384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf21:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrp
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe"C:\Users\Admin\AppData\Local\Temp\1aae335e9dae66979aee2cc95b15586f91f206661f72adf53504ef930981b373.exe"1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2265615860\backup.exeC:\Users\Admin\AppData\Local\Temp\2265615860\backup.exe C:\Users\Admin\AppData\Local\Temp\2265615860\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\update.exe"C:\Program Files\Common Files\System\update.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe"C:\Program Files\Common Files\System\ado\es-ES\System Restore.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\update.exe"C:\Program Files\Common Files\System\ado\it-IT\update.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- System policy modification
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\it-IT\update.exe"C:\Program Files\Common Files\System\it-IT\update.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\update.exe"C:\Program Files\Common Files\System\ja-JP\update.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\update.exe"C:\Program Files\Common Files\System\msadc\update.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
- System policy modification
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
- System policy modification
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\System Restore.exe"C:\Program Files\Google\Chrome\System Restore.exe" C:\Program Files\Google\Chrome\6⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- System policy modification
-
C:\Program Files\Internet Explorer\SIGNUP\data.exe"C:\Program Files\Internet Explorer\SIGNUP\data.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\8⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\include\data.exe"C:\Program Files\Java\jdk1.7.0_80\include\data.exe" C:\Program Files\Java\jdk1.7.0_80\include\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\8⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\9⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\jre\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\7⤵
-
C:\Program Files\Java\jre7\System Restore.exe"C:\Program Files\Java\jre7\System Restore.exe" C:\Program Files\Java\jre7\6⤵
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\7⤵
-
C:\Program Files\Java\jre7\lib\backup.exe"C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\7⤵
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files\Reference Assemblies\data.exe"C:\Program Files\Reference Assemblies\data.exe" C:\Program Files\Reference Assemblies\5⤵
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\5⤵
-
C:\Program Files\Windows Journal\backup.exe"C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\update.exe"C:\Program Files (x86)\Common Files\Adobe\update.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Help\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
C:\Program Files (x86)\Common Files\DESIGNER\data.exe"C:\Program Files (x86)\Common Files\DESIGNER\data.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\7⤵
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\7⤵
-
C:\Program Files (x86)\Common Files\System\update.exe"C:\Program Files (x86)\Common Files\System\update.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Pictures\update.exeC:\Users\Public\Pictures\update.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
C:\Users\Public\Videos\data.exeC:\Users\Public\Videos\data.exe C:\Users\Public\Videos\6⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
C:\Windows\debug\backup.exeC:\Windows\debug\backup.exe C:\Windows\debug\5⤵
-
C:\Windows\de-DE\backup.exeC:\Windows\de-DE\backup.exe C:\Windows\de-DE\5⤵
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f59eae995d1125e0dea26bab48d2785e
SHA1f99a18f53cfe1d7e3daeca2fe9f5b0ff420db7a9
SHA256a2992a2275d53613fba0994ff3df18f09ae975f916fd0d90db6e2cfffd3f7309
SHA512711a424fb79e7a115906a1b65b8a71d19c85622caf1035e065502496611ab1e38522529f3b8c4a03d0d02c9ec8db6f24551ac8eb91bed2fe31283f0fa963f060
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
C:\PerfLogs\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
C:\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5066f90bed950b4860b7e44b2eb8cc137
SHA1749b37b90751296922f921f83ce9da2fe0ed76b9
SHA256de7307d45a752a2e026bd780300e9b8da90a8f22c2d2012ab7b04388e4d17c50
SHA5126c3b3d6ca967f8f46b332ab33717cfa0236bb6e9814ef8d6d082c6548f9728ad410c5db3889622703d363bb093d92dab35e4f8cfdfc0b805305f7895c81c80dd
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD58445cf3ec33f48fde818b03e0f0eff75
SHA1778fc10085e2ee5e34deedba7f7b6dc7a4d0ab34
SHA256ad4772202c907c62bde90e88b83615f0c2a80356ac2e014bcb8afcc779c9c38f
SHA512357d084444f057b26d5da8533d17c5289c44238fd4bce8cd4aebf75f096ff555a855650bee2f78c5631e7e3b67d1ec588067c2738c37dea1ae014e2b3ca82d2c
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
C:\Program Files\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
C:\Program Files\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
C:\Users\Admin\AppData\Local\Temp\2265615860\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\2265615860\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
C:\backup.exeFilesize
72KB
MD5f4abe2feac3601689bdb3c24cf1fd254
SHA1b25f1b8bb21e569db0bf0f2c77021bdf17d9fcc7
SHA256d5b7bdb3a2c6a895502f52f214e411b975136f3c01718336114dcdfdec64673d
SHA5128228fb98710f43cedf05a4bfe0ad7a904c03508124d95e71683a9f14cb567d6c10f72de4078bffa653d78bc211a88ede92a0688f3ee70454ef098d173cbc20fb
-
C:\backup.exeFilesize
72KB
MD5f4abe2feac3601689bdb3c24cf1fd254
SHA1b25f1b8bb21e569db0bf0f2c77021bdf17d9fcc7
SHA256d5b7bdb3a2c6a895502f52f214e411b975136f3c01718336114dcdfdec64673d
SHA5128228fb98710f43cedf05a4bfe0ad7a904c03508124d95e71683a9f14cb567d6c10f72de4078bffa653d78bc211a88ede92a0688f3ee70454ef098d173cbc20fb
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f59eae995d1125e0dea26bab48d2785e
SHA1f99a18f53cfe1d7e3daeca2fe9f5b0ff420db7a9
SHA256a2992a2275d53613fba0994ff3df18f09ae975f916fd0d90db6e2cfffd3f7309
SHA512711a424fb79e7a115906a1b65b8a71d19c85622caf1035e065502496611ab1e38522529f3b8c4a03d0d02c9ec8db6f24551ac8eb91bed2fe31283f0fa963f060
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD5f59eae995d1125e0dea26bab48d2785e
SHA1f99a18f53cfe1d7e3daeca2fe9f5b0ff420db7a9
SHA256a2992a2275d53613fba0994ff3df18f09ae975f916fd0d90db6e2cfffd3f7309
SHA512711a424fb79e7a115906a1b65b8a71d19c85622caf1035e065502496611ab1e38522529f3b8c4a03d0d02c9ec8db6f24551ac8eb91bed2fe31283f0fa963f060
-
\PerfLogs\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
\PerfLogs\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
\Program Files\Common Files\Microsoft Shared\backup.exeFilesize
72KB
MD51f1e83f0ecec4fcd5bd9eafe1e558260
SHA1fd110eb23ba8962f2a716ff1e432b9c05e01fb92
SHA256273bd82c4cc12a0c6af91b496dabd8335fc3cd947c1016acbd5fa8073ea9124b
SHA512fccce69b304b3cb761fdd9044791f39a5de4c22ff97b589696feef0e1d89e08ee8bcffa0dd4b2940f2e0a76a097215dbf362b11de9627ff26d307b4cde793be0
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5066f90bed950b4860b7e44b2eb8cc137
SHA1749b37b90751296922f921f83ce9da2fe0ed76b9
SHA256de7307d45a752a2e026bd780300e9b8da90a8f22c2d2012ab7b04388e4d17c50
SHA5126c3b3d6ca967f8f46b332ab33717cfa0236bb6e9814ef8d6d082c6548f9728ad410c5db3889622703d363bb093d92dab35e4f8cfdfc0b805305f7895c81c80dd
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD5066f90bed950b4860b7e44b2eb8cc137
SHA1749b37b90751296922f921f83ce9da2fe0ed76b9
SHA256de7307d45a752a2e026bd780300e9b8da90a8f22c2d2012ab7b04388e4d17c50
SHA5126c3b3d6ca967f8f46b332ab33717cfa0236bb6e9814ef8d6d082c6548f9728ad410c5db3889622703d363bb093d92dab35e4f8cfdfc0b805305f7895c81c80dd
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD587fbe7c0f9320cd6c664fd99c177b510
SHA18a2e6b38be1e5334d3f49741258427ddfc4c62eb
SHA2568f1d19948d8e935fa281ff4a42dfeacd2d6abd30e6caf2fa14c72dcfeb786253
SHA512fb5b5cf4b781282d09c4ed0276e0247453254466f6b2a53fcbec9a73e97d76e3c5496bdcb3a5d08b58f31ac60912940eeb27f8518260aa58d22cd3b699f77c4a
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD58445cf3ec33f48fde818b03e0f0eff75
SHA1778fc10085e2ee5e34deedba7f7b6dc7a4d0ab34
SHA256ad4772202c907c62bde90e88b83615f0c2a80356ac2e014bcb8afcc779c9c38f
SHA512357d084444f057b26d5da8533d17c5289c44238fd4bce8cd4aebf75f096ff555a855650bee2f78c5631e7e3b67d1ec588067c2738c37dea1ae014e2b3ca82d2c
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD58445cf3ec33f48fde818b03e0f0eff75
SHA1778fc10085e2ee5e34deedba7f7b6dc7a4d0ab34
SHA256ad4772202c907c62bde90e88b83615f0c2a80356ac2e014bcb8afcc779c9c38f
SHA512357d084444f057b26d5da8533d17c5289c44238fd4bce8cd4aebf75f096ff555a855650bee2f78c5631e7e3b67d1ec588067c2738c37dea1ae014e2b3ca82d2c
-
\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exeFilesize
72KB
MD58445cf3ec33f48fde818b03e0f0eff75
SHA1778fc10085e2ee5e34deedba7f7b6dc7a4d0ab34
SHA256ad4772202c907c62bde90e88b83615f0c2a80356ac2e014bcb8afcc779c9c38f
SHA512357d084444f057b26d5da8533d17c5289c44238fd4bce8cd4aebf75f096ff555a855650bee2f78c5631e7e3b67d1ec588067c2738c37dea1ae014e2b3ca82d2c
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD59d5a1af8dafef5a0f55ac6fa73889c45
SHA11e323aefafe7e3aa0a9a4b70830f31c80bff65bb
SHA25628e500f68c8003b8ce94075dae9eeda7d82c91aa344d95f9965c4e4a7dca5b4e
SHA5124550541cbf25a24270b4ba440beaa31e85a08c80f18ac2f60da3f098837c1b4c0b12c5d71bcb07b0109f0ea2b718050e7dfa6b28ea69a126380e9bc4bf17daf1
-
\Program Files\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
\Program Files\backup.exeFilesize
72KB
MD5b76d997dbe4dc0a90f2229aa6236507d
SHA109ce005b4327039f05de6b116f31f15b69d072b7
SHA25612494a2e977d5d968247320ee21e114896fef5fad917571d9564427156872feb
SHA512f3096b95e0aa0a2d436e0e9fbd6e5be97b57ed2af39c547f5e26dabb2a2d049d2384bebbca68c19a4331769b0468f97e934551304b983aa583e6c94abd5df4e4
-
\Users\Admin\AppData\Local\Temp\2265615860\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\2265615860\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\data.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD5669017b6442078db54042844db49dff5
SHA1a699124ee96d1db25a857e183b20c0a9e74388a0
SHA25671780d0c600c7eb7b1d6782ad5bb9cab527d4af1ddd33d17d8984b5a139eaadc
SHA512c86832164b5501708742b2a503dd160fa201d088af2dcf6922a47ce76c45ccdb93f22032e5da1e05086cd0dcd002ff006df75d909e6294fe264b8a084a37d352
-
memory/268-203-0x0000000000000000-mapping.dmp
-
memory/268-295-0x0000000000000000-mapping.dmp
-
memory/292-236-0x0000000000000000-mapping.dmp
-
memory/528-251-0x0000000000000000-mapping.dmp
-
memory/576-200-0x0000000000000000-mapping.dmp
-
memory/576-292-0x0000000000000000-mapping.dmp
-
memory/616-76-0x0000000000000000-mapping.dmp
-
memory/628-212-0x0000000000000000-mapping.dmp
-
memory/664-242-0x0000000000000000-mapping.dmp
-
memory/768-94-0x0000000000000000-mapping.dmp
-
memory/780-298-0x0000000000000000-mapping.dmp
-
memory/788-254-0x0000000000000000-mapping.dmp
-
memory/852-148-0x0000000000000000-mapping.dmp
-
memory/900-289-0x0000000000000000-mapping.dmp
-
memory/900-197-0x0000000000000000-mapping.dmp
-
memory/904-194-0x0000000000000000-mapping.dmp
-
memory/904-286-0x0000000000000000-mapping.dmp
-
memory/908-88-0x0000000000000000-mapping.dmp
-
memory/924-120-0x0000000000000000-mapping.dmp
-
memory/948-277-0x0000000000000000-mapping.dmp
-
memory/948-185-0x0000000000000000-mapping.dmp
-
memory/1020-161-0x0000000000000000-mapping.dmp
-
memory/1116-209-0x0000000000000000-mapping.dmp
-
memory/1156-155-0x0000000000000000-mapping.dmp
-
memory/1180-218-0x0000000000000000-mapping.dmp
-
memory/1228-248-0x0000000000000000-mapping.dmp
-
memory/1292-215-0x0000000000000000-mapping.dmp
-
memory/1300-100-0x0000000000000000-mapping.dmp
-
memory/1316-227-0x0000000000000000-mapping.dmp
-
memory/1336-114-0x0000000000000000-mapping.dmp
-
memory/1360-239-0x0000000000000000-mapping.dmp
-
memory/1360-127-0x0000000000000000-mapping.dmp
-
memory/1368-230-0x0000000000000000-mapping.dmp
-
memory/1376-221-0x0000000000000000-mapping.dmp
-
memory/1468-233-0x0000000000000000-mapping.dmp
-
memory/1472-310-0x0000000000000000-mapping.dmp
-
memory/1488-98-0x0000000076681000-0x0000000076683000-memory.dmpFilesize
8KB
-
memory/1488-131-0x0000000074C21000-0x0000000074C23000-memory.dmpFilesize
8KB
-
memory/1512-107-0x0000000000000000-mapping.dmp
-
memory/1524-70-0x0000000000000000-mapping.dmp
-
memory/1612-206-0x0000000000000000-mapping.dmp
-
memory/1624-260-0x0000000000000000-mapping.dmp
-
memory/1672-64-0x0000000000000000-mapping.dmp
-
memory/1676-268-0x0000000000000000-mapping.dmp
-
memory/1676-174-0x0000000000000000-mapping.dmp
-
memory/1680-304-0x0000000000000000-mapping.dmp
-
memory/1692-264-0x0000000000000000-mapping.dmp
-
memory/1712-257-0x0000000000000000-mapping.dmp
-
memory/1728-168-0x0000000000000000-mapping.dmp
-
memory/1748-245-0x0000000000000000-mapping.dmp
-
memory/1780-280-0x0000000000000000-mapping.dmp
-
memory/1780-188-0x0000000000000000-mapping.dmp
-
memory/1792-182-0x0000000000000000-mapping.dmp
-
memory/1792-274-0x0000000000000000-mapping.dmp
-
memory/1800-271-0x0000000000000000-mapping.dmp
-
memory/1800-179-0x0000000000000000-mapping.dmp
-
memory/1816-82-0x0000000000000000-mapping.dmp
-
memory/1896-301-0x0000000000000000-mapping.dmp
-
memory/1956-224-0x0000000000000000-mapping.dmp
-
memory/1960-313-0x0000000000000000-mapping.dmp
-
memory/1964-307-0x0000000000000000-mapping.dmp
-
memory/2008-135-0x0000000000000000-mapping.dmp
-
memory/2012-191-0x0000000000000000-mapping.dmp
-
memory/2012-283-0x0000000000000000-mapping.dmp
-
memory/2016-141-0x0000000000000000-mapping.dmp
-
memory/2044-58-0x0000000000000000-mapping.dmp