Analysis
-
max time kernel
150s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
23-11-2022 17:06
General
-
Target
2054bc15e9883eb7a9150db5353ca67d3128f72c1d2bebfd8c1d08a6b6878cd1.exe
-
Size
72KB
-
MD5
51c184262cf64035ce5b7c0f9b341097
-
SHA1
999397ea121aa0ff68ed9ab20ba0474283d60088
-
SHA256
2054bc15e9883eb7a9150db5353ca67d3128f72c1d2bebfd8c1d08a6b6878cd1
-
SHA512
7278ee129bf63313dfc72bba932b514204e4277c4f1269161d08a9cb0b6eb5c9d9a1d5d366142b467047a00f505389de34a5ad64d9aec94ea4aa0f4d70bd9298
-
SSDEEP
768:rpQNwC3BEc4QEfu0Ei8XxNDINE3BEJwRr9eo:teThavEjDWguK9p
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2054bc15e9883eb7a9150db5353ca67d3128f72c1d2bebfd8c1d08a6b6878cd1.exe"C:\Users\Admin\AppData\Local\Temp\2054bc15e9883eb7a9150db5353ca67d3128f72c1d2bebfd8c1d08a6b6878cd1.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\437787944\backup.exeC:\Users\Admin\AppData\Local\Temp\437787944\backup.exe C:\Users\Admin\AppData\Local\Temp\437787944\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\data.exe"C:\Program Files\Common Files\Microsoft Shared\data.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\update.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\update.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- System policy modification
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\ado\fr-FR\data.exe"C:\Program Files\Common Files\System\ado\fr-FR\data.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
- System policy modification
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\System Restore.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\System Restore.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\swiftshader\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\update.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\update.exe" C:\Program Files\Google\Chrome\Application\89.0.4389.114\WidevineCdm\_platform_specific\win_x64\11⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe"C:\Program Files\Google\Chrome\Application\Dictionaries\backup.exe" C:\Program Files\Google\Chrome\Application\Dictionaries\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Internet Explorer\update.exe"C:\Program Files\Internet Explorer\update.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
C:\Program Files\Internet Explorer\SIGNUP\data.exe"C:\Program Files\Internet Explorer\SIGNUP\data.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\7⤵
-
C:\Program Files\Java\jre7\bin\dtplugin\System Restore.exe"C:\Program Files\Java\jre7\bin\dtplugin\System Restore.exe" C:\Program Files\Java\jre7\bin\dtplugin\8⤵
-
C:\Program Files\Java\jre7\bin\plugin2\backup.exe"C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\8⤵
-
C:\Program Files\Java\jre7\bin\server\backup.exe"C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\8⤵
-
C:\Program Files\Java\jre7\lib\backup.exe"C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\7⤵
-
C:\Program Files\Java\jre7\lib\amd64\backup.exe"C:\Program Files\Java\jre7\lib\amd64\backup.exe" C:\Program Files\Java\jre7\lib\amd64\8⤵
-
C:\Program Files\Java\jre7\lib\applet\backup.exe"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\8⤵
-
C:\Program Files\Microsoft Games\data.exe"C:\Program Files\Microsoft Games\data.exe" C:\Program Files\Microsoft Games\5⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
- System policy modification
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\5⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\12⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Services\update.exe"C:\Program Files (x86)\Common Files\Services\update.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\CrashReports\System Restore.exe"C:\Program Files (x86)\Google\CrashReports\System Restore.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
C:\Program Files (x86)\Google\Policies\backup.exe"C:\Program Files (x86)\Google\Policies\backup.exe" C:\Program Files (x86)\Google\Policies\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.71\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.71\7⤵
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\6⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\update.exe"C:\Program Files (x86)\Microsoft Synchronization Services\update.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Contacts\data.exeC:\Users\Admin\Contacts\data.exe C:\Users\Admin\Contacts\6⤵
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
- System policy modification
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
C:\Users\Admin\Pictures\System Restore.exe"C:\Users\Admin\Pictures\System Restore.exe" C:\Users\Admin\Pictures\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- System policy modification
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
- System policy modification
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
- System policy modification
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Windows\data.exeC:\Windows\data.exe C:\Windows\4⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
C:\Windows\AppCompat\data.exeC:\Windows\AppCompat\data.exe C:\Windows\AppCompat\5⤵
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\3⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\4⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\4⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\4⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\3⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\3⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\3⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\4⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\4⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\4⤵
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PerfLogs\Admin\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
C:\PerfLogs\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
C:\PerfLogs\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5ce26f373d95f294adea9222b5484ad27
SHA17bfafb71d9e6c00520b3b105a9cb7639dc2cb38a
SHA2561720145af58bd6961d965911cb8c075527e7803c2f366224290f71d57b693bd2
SHA5121d724fe34c46aa527de27d153779e252b61d51ee00d970efaf9e2f55db969bc2c7fc3a1cdbb48221e395d74f5a7f2da9e4262effe2c41d93c9f42c84f7812b33
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
C:\Program Files\Common Files\Microsoft Shared\data.exeFilesize
72KB
MD5590b61ce0522748a81f3bcaf9c47ecce
SHA1e4b977813e53f6e0c3f582ad38f9c00283d499b3
SHA25628f133051234d000b0103d8265973a4a590a3a98332e792a9a0e74927827e7fa
SHA512b42a9ad5f504fc92e376ca14e98aa4e451a62938977d8907ba565316842514f1bacd4e564acb4f5aa439984912e27255765d0b307b0bc33dbc35f2c13107276a
-
C:\Program Files\Common Files\Microsoft Shared\data.exeFilesize
72KB
MD5590b61ce0522748a81f3bcaf9c47ecce
SHA1e4b977813e53f6e0c3f582ad38f9c00283d499b3
SHA25628f133051234d000b0103d8265973a4a590a3a98332e792a9a0e74927827e7fa
SHA512b42a9ad5f504fc92e376ca14e98aa4e451a62938977d8907ba565316842514f1bacd4e564acb4f5aa439984912e27255765d0b307b0bc33dbc35f2c13107276a
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5412e9f413e2a5ac89acc651bc8dc1c5d
SHA1bd9a7ea7ca417035dd94b46273d28bf188db8e7b
SHA2564259bf0be006fe0ceeb2d85ef6426d2ba8e5dd6cec9943f5723f900f46fad936
SHA512cac975f05b7e07c1df0efbacc62aaf15ff9120e8d1e89fdb5ac23997d0c20837305decc04edef5fcbecdf9f090c1f3fca7793a16c1b1074e0ae5325b4f7498e5
-
C:\Program Files\Common Files\backup.exeFilesize
72KB
MD5412e9f413e2a5ac89acc651bc8dc1c5d
SHA1bd9a7ea7ca417035dd94b46273d28bf188db8e7b
SHA2564259bf0be006fe0ceeb2d85ef6426d2ba8e5dd6cec9943f5723f900f46fad936
SHA512cac975f05b7e07c1df0efbacc62aaf15ff9120e8d1e89fdb5ac23997d0c20837305decc04edef5fcbecdf9f090c1f3fca7793a16c1b1074e0ae5325b4f7498e5
-
C:\Program Files\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
C:\Program Files\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
C:\Users\Admin\AppData\Local\Temp\437787944\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\437787944\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
C:\backup.exeFilesize
72KB
MD57b7b0f5135c8ec2ffe841da4d18fec0b
SHA145e8f7975f8a926e0bd86116efa99e112ce0d6b7
SHA256cdade9b872139d4bff61beee3090c99bfb1631f0c1512da47bb1743a26a77cd1
SHA512d54b25f41d34351c771935b4deb74c3fb51c5239ae0fde750e849a8fde248be72042c1583940105632bb7eaa1f0e71b90751a5caf5ed540f2dc2be8133df8a03
-
C:\backup.exeFilesize
72KB
MD57b7b0f5135c8ec2ffe841da4d18fec0b
SHA145e8f7975f8a926e0bd86116efa99e112ce0d6b7
SHA256cdade9b872139d4bff61beee3090c99bfb1631f0c1512da47bb1743a26a77cd1
SHA512d54b25f41d34351c771935b4deb74c3fb51c5239ae0fde750e849a8fde248be72042c1583940105632bb7eaa1f0e71b90751a5caf5ed540f2dc2be8133df8a03
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
\PerfLogs\Admin\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
\PerfLogs\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
\PerfLogs\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5ce26f373d95f294adea9222b5484ad27
SHA17bfafb71d9e6c00520b3b105a9cb7639dc2cb38a
SHA2561720145af58bd6961d965911cb8c075527e7803c2f366224290f71d57b693bd2
SHA5121d724fe34c46aa527de27d153779e252b61d51ee00d970efaf9e2f55db969bc2c7fc3a1cdbb48221e395d74f5a7f2da9e4262effe2c41d93c9f42c84f7812b33
-
\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD5ce26f373d95f294adea9222b5484ad27
SHA17bfafb71d9e6c00520b3b105a9cb7639dc2cb38a
SHA2561720145af58bd6961d965911cb8c075527e7803c2f366224290f71d57b693bd2
SHA5121d724fe34c46aa527de27d153779e252b61d51ee00d970efaf9e2f55db969bc2c7fc3a1cdbb48221e395d74f5a7f2da9e4262effe2c41d93c9f42c84f7812b33
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
\Program Files\7-Zip\backup.exeFilesize
72KB
MD540114c70c6440aee69cce99fe5d4464b
SHA15b983f3f6448afb121734ac927ba3d30afdae32e
SHA256739fa0a8a3e6b3be436fa59bf6854051b39312c37e7a2877961f4bddafb3a2ca
SHA512673eba85e643423af08b56e73ff82026125d88677c6368d88d0bb7eda06c38112f0bd642256f0c1b809857b3244d446087f79160089d7e3aecc45cea1d773b7e
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
\Program Files\Common Files\Microsoft Shared\Filters\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
\Program Files\Common Files\Microsoft Shared\data.exeFilesize
72KB
MD5590b61ce0522748a81f3bcaf9c47ecce
SHA1e4b977813e53f6e0c3f582ad38f9c00283d499b3
SHA25628f133051234d000b0103d8265973a4a590a3a98332e792a9a0e74927827e7fa
SHA512b42a9ad5f504fc92e376ca14e98aa4e451a62938977d8907ba565316842514f1bacd4e564acb4f5aa439984912e27255765d0b307b0bc33dbc35f2c13107276a
-
\Program Files\Common Files\Microsoft Shared\data.exeFilesize
72KB
MD5590b61ce0522748a81f3bcaf9c47ecce
SHA1e4b977813e53f6e0c3f582ad38f9c00283d499b3
SHA25628f133051234d000b0103d8265973a4a590a3a98332e792a9a0e74927827e7fa
SHA512b42a9ad5f504fc92e376ca14e98aa4e451a62938977d8907ba565316842514f1bacd4e564acb4f5aa439984912e27255765d0b307b0bc33dbc35f2c13107276a
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
\Program Files\Common Files\Microsoft Shared\ink\backup.exeFilesize
72KB
MD57e76ec71da5d940cd7e0ddae1608c759
SHA1a3e45ee6803c709cbfcce979a76cc5bc8033898a
SHA25688bb17416ffca4441163b5d29dc6c469a33f7aae2a040bae3ad9a87c254bd12e
SHA512097499331d15bce486b6c58c9e27bf5afe8b0b5e7969335dda64b9960ff9a1e21485037a2ee17bf460536099a4dae7f33b45722235242efd0a3e646e94123334
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exeFilesize
72KB
MD57e58853ca95b31d3a15b6153d6f7d963
SHA1d8c9ac816f73b4ae6ddcb04d9ed8badb9ce02ca6
SHA256d1eb1cf3593ad7df730c43aa6f09c7e51459b29ef26bb19d585d863142a0d7e4
SHA51241f2d04509f806ba587174234fe0959f0a467099e15fd981edfba462a88aadc21a2c2798a228c28b89924752317b5848bf5d89ec3ea553beb79e9ba15dd64f51
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5412e9f413e2a5ac89acc651bc8dc1c5d
SHA1bd9a7ea7ca417035dd94b46273d28bf188db8e7b
SHA2564259bf0be006fe0ceeb2d85ef6426d2ba8e5dd6cec9943f5723f900f46fad936
SHA512cac975f05b7e07c1df0efbacc62aaf15ff9120e8d1e89fdb5ac23997d0c20837305decc04edef5fcbecdf9f090c1f3fca7793a16c1b1074e0ae5325b4f7498e5
-
\Program Files\Common Files\backup.exeFilesize
72KB
MD5412e9f413e2a5ac89acc651bc8dc1c5d
SHA1bd9a7ea7ca417035dd94b46273d28bf188db8e7b
SHA2564259bf0be006fe0ceeb2d85ef6426d2ba8e5dd6cec9943f5723f900f46fad936
SHA512cac975f05b7e07c1df0efbacc62aaf15ff9120e8d1e89fdb5ac23997d0c20837305decc04edef5fcbecdf9f090c1f3fca7793a16c1b1074e0ae5325b4f7498e5
-
\Program Files\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
\Program Files\backup.exeFilesize
72KB
MD59084b38a70ee172271eff5d465971071
SHA1f4bf441d627dcf02cc6a8fa013b4a437ec3f6a46
SHA256febcefd82fc42c4c490edfd54ae7e954827c3daccf92cf8c1b7ae3fe4d30e74f
SHA5123b6de4506b0ced17bf0a04b3bdfe5bcc14d61c493b8a402b897e59844b5f76250b5d0f7efd1a75f4d96e79435c42435dcacce61cb7c56ed7e1a28110db6b3a46
-
\Users\Admin\AppData\Local\Temp\437787944\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\437787944\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Low\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeFilesize
72KB
MD57e1301a5751d89095ba407c8e64e4a07
SHA151b19ed85f468c38ae95a0360b722bf04cd2847e
SHA25640f716009c9554bd6ba0350f90440f27cdca9ec67e20985508bf294111ad6b56
SHA51260ec61a8aca8107a20e450d75b21b19812c92004415f191b973df2855258d889894fbf941934a0b1ada3d2a53b6c53e7d36994994173a99b44f2d1a28dc4190a
-
memory/432-148-0x0000000000000000-mapping.dmp
-
memory/584-189-0x0000000000000000-mapping.dmp
-
memory/616-228-0x0000000000000000-mapping.dmp
-
memory/676-267-0x0000000000000000-mapping.dmp
-
memory/740-240-0x0000000000000000-mapping.dmp
-
memory/764-183-0x0000000000000000-mapping.dmp
-
memory/788-94-0x0000000000000000-mapping.dmp
-
memory/884-70-0x0000000000000000-mapping.dmp
-
memory/896-243-0x0000000000000000-mapping.dmp
-
memory/928-213-0x0000000000000000-mapping.dmp
-
memory/940-177-0x0000000000000000-mapping.dmp
-
memory/984-261-0x0000000000000000-mapping.dmp
-
memory/1012-107-0x0000000000000000-mapping.dmp
-
memory/1072-216-0x0000000000000000-mapping.dmp
-
memory/1132-207-0x0000000000000000-mapping.dmp
-
memory/1152-258-0x0000000000000000-mapping.dmp
-
memory/1156-311-0x0000000000000000-mapping.dmp
-
memory/1168-246-0x0000000000000000-mapping.dmp
-
memory/1224-141-0x0000000000000000-mapping.dmp
-
memory/1288-58-0x0000000000000000-mapping.dmp
-
memory/1292-98-0x00000000762E1000-0x00000000762E3000-memory.dmpFilesize
8KB
-
memory/1292-111-0x0000000074BA1000-0x0000000074BA3000-memory.dmpFilesize
8KB
-
memory/1324-204-0x0000000000000000-mapping.dmp
-
memory/1388-237-0x0000000000000000-mapping.dmp
-
memory/1408-255-0x0000000000000000-mapping.dmp
-
memory/1492-219-0x0000000000000000-mapping.dmp
-
memory/1492-115-0x0000000000000000-mapping.dmp
-
memory/1508-252-0x0000000000000000-mapping.dmp
-
memory/1512-273-0x0000000000000000-mapping.dmp
-
memory/1524-287-0x0000000000000000-mapping.dmp
-
memory/1524-198-0x0000000000000000-mapping.dmp
-
memory/1532-180-0x0000000000000000-mapping.dmp
-
memory/1540-281-0x0000000000000000-mapping.dmp
-
memory/1540-192-0x0000000000000000-mapping.dmp
-
memory/1596-293-0x0000000000000000-mapping.dmp
-
memory/1612-302-0x0000000000000000-mapping.dmp
-
memory/1616-296-0x0000000000000000-mapping.dmp
-
memory/1620-210-0x0000000000000000-mapping.dmp
-
memory/1636-121-0x0000000000000000-mapping.dmp
-
memory/1660-231-0x0000000000000000-mapping.dmp
-
memory/1692-290-0x0000000000000000-mapping.dmp
-
memory/1692-201-0x0000000000000000-mapping.dmp
-
memory/1708-82-0x0000000000000000-mapping.dmp
-
memory/1712-277-0x0000000000000000-mapping.dmp
-
memory/1768-186-0x0000000000000000-mapping.dmp
-
memory/1772-88-0x0000000000000000-mapping.dmp
-
memory/1772-284-0x0000000000000000-mapping.dmp
-
memory/1772-195-0x0000000000000000-mapping.dmp
-
memory/1808-168-0x0000000000000000-mapping.dmp
-
memory/1816-100-0x0000000000000000-mapping.dmp
-
memory/1820-161-0x0000000000000000-mapping.dmp
-
memory/1824-155-0x0000000000000000-mapping.dmp
-
memory/1872-135-0x0000000000000000-mapping.dmp
-
memory/1928-270-0x0000000000000000-mapping.dmp
-
memory/1928-76-0x0000000000000000-mapping.dmp
-
memory/1964-249-0x0000000000000000-mapping.dmp
-
memory/1972-128-0x0000000000000000-mapping.dmp
-
memory/1972-234-0x0000000000000000-mapping.dmp
-
memory/1980-305-0x0000000000000000-mapping.dmp
-
memory/1988-225-0x0000000000000000-mapping.dmp
-
memory/1992-222-0x0000000000000000-mapping.dmp
-
memory/1996-308-0x0000000000000000-mapping.dmp
-
memory/2004-299-0x0000000000000000-mapping.dmp
-
memory/2028-64-0x0000000000000000-mapping.dmp
-
memory/2032-172-0x0000000000000000-mapping.dmp
-
memory/2040-264-0x0000000000000000-mapping.dmp