Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
2s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
04/02/2024, 16:20
General
-
Target
VirusShare_c1e877e5ccdfea3117599946cc020d49.exe
-
Size
72KB
-
MD5
c1e877e5ccdfea3117599946cc020d49
-
SHA1
29fe8499c7270ea79fc71075670cabf5878b6740
-
SHA256
38c99c56383de792c88f3ed929a32179add60186716bab3edfda90657c36a5fb
-
SHA512
9d20dd2e32922424610330fc1cb81fe42a17540fe45bb5a4fd15bb911116f9c84626590edfa0076d00b0b455beddf4b2cc1b44cb34976e97978eef1d33699c7f
-
SSDEEP
768:NpQNwC3BESe4Vqth+0V5vKlE3BEJwRrTd/+I9MJ:HeT7BVwxfvqguKp+SS
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusShare_c1e877e5ccdfea3117599946cc020d49.exe"C:\Users\Admin\AppData\Local\Temp\VirusShare_c1e877e5ccdfea3117599946cc020d49.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\1993946680\backup.exeC:\Users\Admin\AppData\Local\Temp\1993946680\backup.exe C:\Users\Admin\AppData\Local\Temp\1993946680\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\8⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\9⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\9⤵
- Drops file in Program Files directory
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VC\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\VC\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\VC\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VGX\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
-
-
C:\Program Files (x86)\Common Files\System\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\de-DE\7⤵
-
-
C:\Program Files (x86)\Common Files\System\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵
-
-
C:\Program Files (x86)\Common Files\System\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\es-ES\7⤵
-
-
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files (x86)\Common Files\System\it-IT\update.exe"C:\Program Files (x86)\Common Files\System\it-IT\update.exe" C:\Program Files (x86)\Common Files\System\it-IT\7⤵
-
-
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵
-
-
C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\7⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
-
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\update.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\data.exe"C:\Program Files (x86)\Google\Update\Install\data.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\7⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\data.exe"C:\Program Files (x86)\Microsoft Office\data.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
-
C:\Program Files (x86)\Microsoft.NET\backup.exe"C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\5⤵
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe"C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\5⤵
-
-
C:\Program Files (x86)\MSBuild\backup.exe"C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\5⤵
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\update.exeC:\Users\Admin\Favorites\update.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\update.exeC:\Users\Admin\Links\update.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\System Restore.exe"C:\Windows\AppPatch\System Restore.exe" C:\Windows\AppPatch\5⤵
-
-
C:\Windows\assembly\System Restore.exe"C:\Windows\assembly\System Restore.exe" C:\Windows\assembly\5⤵
-
-
-
-
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\1⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\1⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\2⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\3⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\3⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\4⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\3⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\4⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\3⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\3⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\3⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\4⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\3⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\4⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\5⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\4⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\6⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\4⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\5⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\3⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\4⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\3⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\3⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\data.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\data.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\1⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\3⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\3⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\3⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\3⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\4⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\5⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\3⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\3⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\3⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\3⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\3⤵
-
C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\4⤵
-
-
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\3⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\1⤵
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\1⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\3⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\1⤵
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\2⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\2⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\3⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\2⤵
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\1⤵
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\2⤵
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\2⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\3⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\2⤵
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\3⤵
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\4⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\4⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\4⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\4⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\4⤵
-
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\3⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\3⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\3⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\3⤵
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\3⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\3⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\3⤵
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\4⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\4⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\4⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\4⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\4⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\3⤵
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\4⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\update.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\update.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\4⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\4⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\4⤵
-
-
-
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\1⤵
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\2⤵
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\3⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\3⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\3⤵
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\3⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\3⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\3⤵
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\3⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\4⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\5⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\2⤵
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\3⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\3⤵
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\3⤵
-
-
C:\Program Files\Internet Explorer\images\update.exe"C:\Program Files\Internet Explorer\images\update.exe" C:\Program Files\Internet Explorer\images\3⤵
-
-
C:\Program Files\Internet Explorer\it-IT\data.exe"C:\Program Files\Internet Explorer\it-IT\data.exe" C:\Program Files\Internet Explorer\it-IT\3⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\3⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\3⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\3⤵
-
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\4⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\4⤵
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\5⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\4⤵
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\data.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\data.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\6⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\6⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\4⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\6⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\7⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\7⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\4⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\7⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\8⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\7⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\7⤵
-
C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\8⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\6⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\9⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\7⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\7⤵
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\8⤵
-
C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe"C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Microsoft Games\Chess\en-US\backup.exe"C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\9⤵
-
-
C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe"C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\9⤵
-
-
C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\9⤵
-
-
C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe"C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\9⤵
-
-
C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\9⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\6⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\7⤵
-
-
-
-
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\3⤵
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jre7\bin\dtplugin\backup.exe"C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\5⤵
-
-
C:\Program Files\Java\jre7\bin\plugin2\data.exe"C:\Program Files\Java\jre7\bin\plugin2\data.exe" C:\Program Files\Java\jre7\bin\plugin2\5⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\6⤵
-
-
-
C:\Program Files\Java\jre7\bin\server\backup.exe"C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\5⤵
-
-
-
C:\Program Files\Java\jre7\lib\update.exe"C:\Program Files\Java\jre7\lib\update.exe" C:\Program Files\Java\jre7\lib\4⤵
-
C:\Program Files\Java\jre7\lib\amd64\backup.exe"C:\Program Files\Java\jre7\lib\amd64\backup.exe" C:\Program Files\Java\jre7\lib\amd64\5⤵
-
-
C:\Program Files\Java\jre7\lib\cmm\backup.exe"C:\Program Files\Java\jre7\lib\cmm\backup.exe" C:\Program Files\Java\jre7\lib\cmm\5⤵
-
-
C:\Program Files\Java\jre7\lib\applet\backup.exe"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\5⤵
-
-
C:\Program Files\Java\jre7\lib\deploy\backup.exe"C:\Program Files\Java\jre7\lib\deploy\backup.exe" C:\Program Files\Java\jre7\lib\deploy\5⤵
-
-
C:\Program Files\Java\jre7\lib\ext\backup.exe"C:\Program Files\Java\jre7\lib\ext\backup.exe" C:\Program Files\Java\jre7\lib\ext\5⤵
-
-
C:\Program Files\Java\jre7\lib\fonts\backup.exe"C:\Program Files\Java\jre7\lib\fonts\backup.exe" C:\Program Files\Java\jre7\lib\fonts\5⤵
-
-
C:\Program Files\Java\jre7\lib\images\backup.exe"C:\Program Files\Java\jre7\lib\images\backup.exe" C:\Program Files\Java\jre7\lib\images\5⤵
-
C:\Program Files\Java\jre7\lib\images\cursors\backup.exe"C:\Program Files\Java\jre7\lib\images\cursors\backup.exe" C:\Program Files\Java\jre7\lib\images\cursors\6⤵
-
-
-
C:\Program Files\Java\jre7\lib\jfr\backup.exe"C:\Program Files\Java\jre7\lib\jfr\backup.exe" C:\Program Files\Java\jre7\lib\jfr\5⤵
-
-
C:\Program Files\Java\jre7\lib\management\update.exe"C:\Program Files\Java\jre7\lib\management\update.exe" C:\Program Files\Java\jre7\lib\management\5⤵
-
-
C:\Program Files\Java\jre7\lib\security\backup.exe"C:\Program Files\Java\jre7\lib\security\backup.exe" C:\Program Files\Java\jre7\lib\security\5⤵
-
-
C:\Program Files\Java\jre7\lib\zi\backup.exe"C:\Program Files\Java\jre7\lib\zi\backup.exe" C:\Program Files\Java\jre7\lib\zi\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe"C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe" C:\Program Files\Java\jre7\lib\zi\Africa\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\6⤵
-
C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Indiana\7⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Argentina\7⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Kentucky\7⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\7⤵
-
-
-
C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jre7\lib\zi\Antarctica\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Asia\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jre7\lib\zi\Atlantic\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Australia\update.exe"C:\Program Files\Java\jre7\lib\zi\Australia\update.exe" C:\Program Files\Java\jre7\lib\zi\Australia\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe"C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe" C:\Program Files\Java\jre7\lib\zi\Etc\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe"C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe" C:\Program Files\Java\jre7\lib\zi\Europe\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe"C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe" C:\Program Files\Java\jre7\lib\zi\Indian\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe"C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jre7\lib\zi\Pacific\6⤵
-
-
C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jre7\lib\zi\SystemV\6⤵
-
-
-
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\2⤵
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\3⤵
-
C:\Program Files\Microsoft Games\FreeCell\de-DE\data.exe"C:\Program Files\Microsoft Games\FreeCell\de-DE\data.exe" C:\Program Files\Microsoft Games\FreeCell\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe"C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe" C:\Program Files\Microsoft Games\FreeCell\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe"C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe" C:\Program Files\Microsoft Games\FreeCell\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe"C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe" C:\Program Files\Microsoft Games\FreeCell\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe"C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe" C:\Program Files\Microsoft Games\FreeCell\ja-JP\4⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe"C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe" C:\Program Files\Microsoft Games\FreeCell\it-IT\4⤵
-
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\3⤵
-
C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe"C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe" C:\Program Files\Microsoft Games\Hearts\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe"C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe" C:\Program Files\Microsoft Games\Hearts\en-US\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
-
C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe"C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe" C:\Program Files\Microsoft Games\Hearts\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Hearts\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe"C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe" C:\Program Files\Microsoft Games\Hearts\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Hearts\ja-JP\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\Microsoft Games\Mahjong\backup.exe"C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\3⤵
-
C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe"C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe" C:\Program Files\Microsoft Games\Mahjong\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe"C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe" C:\Program Files\Microsoft Games\Mahjong\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe"C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe" C:\Program Files\Microsoft Games\Mahjong\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe"C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe" C:\Program Files\Microsoft Games\Mahjong\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Mahjong\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Mahjong\ja-JP\4⤵
-
-
-
C:\Program Files\Microsoft Games\Minesweeper\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\3⤵
-
C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\ja-JP\data.exe"C:\Program Files\Microsoft Games\Minesweeper\ja-JP\data.exe" C:\Program Files\Microsoft Games\Minesweeper\ja-JP\4⤵
-
-
-
C:\Program Files\Microsoft Games\More Games\backup.exe"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\3⤵
-
C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe"C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe" C:\Program Files\Microsoft Games\More Games\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\More Games\en-US\backup.exe"C:\Program Files\Microsoft Games\More Games\en-US\backup.exe" C:\Program Files\Microsoft Games\More Games\en-US\4⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe"C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe" C:\Program Files\Microsoft Games\More Games\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe"C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe" C:\Program Files\Microsoft Games\More Games\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe"C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe" C:\Program Files\Microsoft Games\More Games\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe"C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe" C:\Program Files\Microsoft Games\More Games\ja-JP\4⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\3⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\4⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
C:\Program Files\Mozilla Firefox\browser\features\System Restore.exe"C:\Program Files\Mozilla Firefox\browser\features\System Restore.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\update.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\update.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
-
-
C:\Program Files\Mozilla Firefox\uninstall\backup.exe"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵
-
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\data.exe"C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\data.exe" C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\6⤵
-
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\4⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\5⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\update.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\update.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\4⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\6⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\6⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\5⤵
-
C:\Program Files\Reference Assemblies\Microsoft\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\9⤵
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\9⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\10⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\11⤵
-
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\data.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\data.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\9⤵
-
-
-
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\5⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\5⤵
-
-
-
-
C:\Program Files\Microsoft Games\Purble Place\update.exe"C:\Program Files\Microsoft Games\Purble Place\update.exe" C:\Program Files\Microsoft Games\Purble Place\3⤵
-
C:\Program Files\Microsoft Games\Purble Place\de-DE\data.exe"C:\Program Files\Microsoft Games\Purble Place\de-DE\data.exe" C:\Program Files\Microsoft Games\Purble Place\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\Purble Place\en-US\System Restore.exe"C:\Program Files\Microsoft Games\Purble Place\en-US\System Restore.exe" C:\Program Files\Microsoft Games\Purble Place\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\Purble Place\es-ES\backup.exe"C:\Program Files\Microsoft Games\Purble Place\es-ES\backup.exe" C:\Program Files\Microsoft Games\Purble Place\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\Purble Place\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Purble Place\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Purble Place\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\Purble Place\it-IT\backup.exe"C:\Program Files\Microsoft Games\Purble Place\it-IT\backup.exe" C:\Program Files\Microsoft Games\Purble Place\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\Purble Place\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Purble Place\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Purble Place\ja-JP\4⤵
-
-
-
C:\Program Files\Microsoft Games\Solitaire\backup.exe"C:\Program Files\Microsoft Games\Solitaire\backup.exe" C:\Program Files\Microsoft Games\Solitaire\3⤵
-
C:\Program Files\Microsoft Games\Solitaire\de-DE\backup.exe"C:\Program Files\Microsoft Games\Solitaire\de-DE\backup.exe" C:\Program Files\Microsoft Games\Solitaire\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\Solitaire\en-US\backup.exe"C:\Program Files\Microsoft Games\Solitaire\en-US\backup.exe" C:\Program Files\Microsoft Games\Solitaire\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\Solitaire\es-ES\backup.exe"C:\Program Files\Microsoft Games\Solitaire\es-ES\backup.exe" C:\Program Files\Microsoft Games\Solitaire\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\Solitaire\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Solitaire\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Solitaire\fr-FR\4⤵
-
-
C:\Program Files\Microsoft Games\Solitaire\it-IT\backup.exe"C:\Program Files\Microsoft Games\Solitaire\it-IT\backup.exe" C:\Program Files\Microsoft Games\Solitaire\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\Solitaire\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Solitaire\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Solitaire\ja-JP\4⤵
-
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\data.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\data.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\3⤵
-
C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\4⤵
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\4⤵
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\4⤵
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\4⤵
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\4⤵
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\4⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\2⤵
- System policy modification
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\3⤵
-
C:\Program Files\Microsoft Office\Office14\1033\backup.exe"C:\Program Files\Microsoft Office\Office14\1033\backup.exe" C:\Program Files\Microsoft Office\Office14\1033\4⤵
-
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\2⤵
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\3⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\4⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\5⤵
-
-
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\2⤵
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\VideoLAN\VLC\backup.exe"C:\Program Files\VideoLAN\VLC\backup.exe" C:\Program Files\VideoLAN\VLC\3⤵
-
C:\Program Files\VideoLAN\VLC\locale\backup.exe"C:\Program Files\VideoLAN\VLC\locale\backup.exe" C:\Program Files\VideoLAN\VLC\locale\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\af\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\am\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\5⤵
- System policy modification
-
-
C:\Program Files\VideoLAN\VLC\locale\an\backup.exe"C:\Program Files\VideoLAN\VLC\locale\an\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ast\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\ast\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\ast\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\az\update.exe"C:\Program Files\VideoLAN\VLC\locale\az\update.exe" C:\Program Files\VideoLAN\VLC\locale\az\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\be\backup.exe"C:\Program Files\VideoLAN\VLC\locale\be\backup.exe" C:\Program Files\VideoLAN\VLC\locale\be\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\br\backup.exe"C:\Program Files\VideoLAN\VLC\locale\br\backup.exe" C:\Program Files\VideoLAN\VLC\locale\br\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe"C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ckb\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ckb\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ckb\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\data.exe"C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\data.exe" C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\co\backup.exe"C:\Program Files\VideoLAN\VLC\locale\co\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\cy\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\da\backup.exe"C:\Program Files\VideoLAN\VLC\locale\da\backup.exe" C:\Program Files\VideoLAN\VLC\locale\da\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\es\backup.exe"C:\Program Files\VideoLAN\VLC\locale\es\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\et\backup.exe"C:\Program Files\VideoLAN\VLC\locale\et\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\ff\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ff\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ff\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fa\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fa\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fa\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\fi\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fi\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fi\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\eu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eu\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\fr\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fr\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fr\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fur\update.exe"C:\Program Files\VideoLAN\VLC\locale\fur\update.exe" C:\Program Files\VideoLAN\VLC\locale\fur\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fy\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fy\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fy\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gd\data.exe"C:\Program Files\VideoLAN\VLC\locale\gd\data.exe" C:\Program Files\VideoLAN\VLC\locale\gd\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gl\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gl\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gl\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gu\5⤵
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ga\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ga\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ga\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\he\data.exe"C:\Program Files\VideoLAN\VLC\locale\he\data.exe" C:\Program Files\VideoLAN\VLC\locale\he\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hi\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hi\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hi\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe"C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\el\backup.exe"C:\Program Files\VideoLAN\VLC\locale\el\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\hu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hu\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hy\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hy\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hy\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ia\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ia\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ia\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\id\backup.exe"C:\Program Files\VideoLAN\VLC\locale\id\backup.exe" C:\Program Files\VideoLAN\VLC\locale\id\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hr\data.exe"C:\Program Files\VideoLAN\VLC\locale\hr\data.exe" C:\Program Files\VideoLAN\VLC\locale\hr\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\is\backup.exe"C:\Program Files\VideoLAN\VLC\locale\is\backup.exe" C:\Program Files\VideoLAN\VLC\locale\is\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\de\backup.exe"C:\Program Files\VideoLAN\VLC\locale\de\backup.exe" C:\Program Files\VideoLAN\VLC\locale\de\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\it\backup.exe"C:\Program Files\VideoLAN\VLC\locale\it\backup.exe" C:\Program Files\VideoLAN\VLC\locale\it\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ca\data.exe"C:\Program Files\VideoLAN\VLC\locale\ca\data.exe" C:\Program Files\VideoLAN\VLC\locale\ca\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\ja\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ja\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ja\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ka\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ka\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ka\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\kk\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kk\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kk\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\km\backup.exe"C:\Program Files\VideoLAN\VLC\locale\km\backup.exe" C:\Program Files\VideoLAN\VLC\locale\km\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\kn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kn\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\ko\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ko\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ko\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\ks_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ks_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ks_IN\5⤵
-
C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ky\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ky\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ky\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\lg\update.exe"C:\Program Files\VideoLAN\VLC\locale\lg\update.exe" C:\Program Files\VideoLAN\VLC\locale\lg\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\lt\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lt\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lt\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\lv\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lv\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lv\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\mai\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mai\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mai\5⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\mk\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mk\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mk\5⤵
-
-
-
C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe"C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe" C:\Program Files\VideoLAN\VLC\hrtfs\4⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\backup.exe"C:\Program Files\VideoLAN\VLC\lua\backup.exe" C:\Program Files\VideoLAN\VLC\lua\4⤵
-
C:\Program Files\VideoLAN\VLC\lua\extensions\backup.exe"C:\Program Files\VideoLAN\VLC\lua\extensions\backup.exe" C:\Program Files\VideoLAN\VLC\lua\extensions\5⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\http\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\5⤵
-
C:\Program Files\VideoLAN\VLC\lua\http\css\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\css\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\css\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\7⤵
-
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\8⤵
-
-
-
-
C:\Program Files\VideoLAN\VLC\lua\http\dialogs\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\dialogs\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\dialogs\6⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\http\images\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\images\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\images\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\VideoLAN\VLC\lua\http\js\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\js\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\js\6⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\http\requests\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\requests\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\requests\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\lua\intf\backup.exe"C:\Program Files\VideoLAN\VLC\lua\intf\backup.exe" C:\Program Files\VideoLAN\VLC\lua\intf\5⤵
-
C:\Program Files\VideoLAN\VLC\lua\intf\modules\backup.exe"C:\Program Files\VideoLAN\VLC\lua\intf\modules\backup.exe" C:\Program Files\VideoLAN\VLC\lua\intf\modules\6⤵
-
-
-
C:\Program Files\VideoLAN\VLC\lua\meta\backup.exe"C:\Program Files\VideoLAN\VLC\lua\meta\backup.exe" C:\Program Files\VideoLAN\VLC\lua\meta\5⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\modules\backup.exe"C:\Program Files\VideoLAN\VLC\lua\modules\backup.exe" C:\Program Files\VideoLAN\VLC\lua\modules\5⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\VideoLAN\VLC\lua\playlist\backup.exe"C:\Program Files\VideoLAN\VLC\lua\playlist\backup.exe" C:\Program Files\VideoLAN\VLC\lua\playlist\5⤵
-
-
C:\Program Files\VideoLAN\VLC\lua\sd\backup.exe"C:\Program Files\VideoLAN\VLC\lua\sd\backup.exe" C:\Program Files\VideoLAN\VLC\lua\sd\5⤵
-
-
-
C:\Program Files\VideoLAN\VLC\plugins\backup.exe"C:\Program Files\VideoLAN\VLC\plugins\backup.exe" C:\Program Files\VideoLAN\VLC\plugins\4⤵
-
C:\Program Files\VideoLAN\VLC\plugins\access\update.exe"C:\Program Files\VideoLAN\VLC\plugins\access\update.exe" C:\Program Files\VideoLAN\VLC\plugins\access\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\access_output\data.exe"C:\Program Files\VideoLAN\VLC\plugins\access_output\data.exe" C:\Program Files\VideoLAN\VLC\plugins\access_output\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\backup.exe"C:\Program Files\VideoLAN\VLC\plugins\audio_filter\backup.exe" C:\Program Files\VideoLAN\VLC\plugins\audio_filter\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\backup.exe"C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\backup.exe" C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\audio_output\backup.exe"C:\Program Files\VideoLAN\VLC\plugins\audio_output\backup.exe" C:\Program Files\VideoLAN\VLC\plugins\audio_output\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\codec\update.exe"C:\Program Files\VideoLAN\VLC\plugins\codec\update.exe" C:\Program Files\VideoLAN\VLC\plugins\codec\5⤵
-
-
C:\Program Files\VideoLAN\VLC\plugins\control\backup.exe"C:\Program Files\VideoLAN\VLC\plugins\control\backup.exe" C:\Program Files\VideoLAN\VLC\plugins\control\5⤵
-
-
-
C:\Program Files\VideoLAN\VLC\skins\backup.exe"C:\Program Files\VideoLAN\VLC\skins\backup.exe" C:\Program Files\VideoLAN\VLC\skins\4⤵
-
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\2⤵
-
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\2⤵
-
C:\Program Files\Windows Defender\de-DE\System Restore.exe"C:\Program Files\Windows Defender\de-DE\System Restore.exe" C:\Program Files\Windows Defender\de-DE\3⤵
-
-
C:\Program Files\Windows Defender\en-US\backup.exe"C:\Program Files\Windows Defender\en-US\backup.exe" C:\Program Files\Windows Defender\en-US\3⤵
-
-
C:\Program Files\Windows Defender\es-ES\update.exe"C:\Program Files\Windows Defender\es-ES\update.exe" C:\Program Files\Windows Defender\es-ES\3⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Windows Defender\fr-FR\backup.exe"C:\Program Files\Windows Defender\fr-FR\backup.exe" C:\Program Files\Windows Defender\fr-FR\3⤵
-
-
C:\Program Files\Windows Defender\it-IT\backup.exe"C:\Program Files\Windows Defender\it-IT\backup.exe" C:\Program Files\Windows Defender\it-IT\3⤵
-
-
C:\Program Files\Windows Defender\ja-JP\backup.exe"C:\Program Files\Windows Defender\ja-JP\backup.exe" C:\Program Files\Windows Defender\ja-JP\3⤵
-
-
-
C:\Program Files\Windows Journal\backup.exe"C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\2⤵
- Drops file in Program Files directory
-
C:\Program Files\Windows Journal\de-DE\backup.exe"C:\Program Files\Windows Journal\de-DE\backup.exe" C:\Program Files\Windows Journal\de-DE\3⤵
-
-
C:\Program Files\Windows Journal\en-US\backup.exe"C:\Program Files\Windows Journal\en-US\backup.exe" C:\Program Files\Windows Journal\en-US\3⤵
-
-
C:\Program Files\Windows Journal\es-ES\backup.exe"C:\Program Files\Windows Journal\es-ES\backup.exe" C:\Program Files\Windows Journal\es-ES\3⤵
-
-
C:\Program Files\Windows Journal\fr-FR\backup.exe"C:\Program Files\Windows Journal\fr-FR\backup.exe" C:\Program Files\Windows Journal\fr-FR\3⤵
-
-
C:\Program Files\Windows Journal\it-IT\backup.exe"C:\Program Files\Windows Journal\it-IT\backup.exe" C:\Program Files\Windows Journal\it-IT\3⤵
-
-
C:\Program Files\Windows Journal\ja-JP\backup.exe"C:\Program Files\Windows Journal\ja-JP\backup.exe" C:\Program Files\Windows Journal\ja-JP\3⤵
-
-
C:\Program Files\Windows Journal\Templates\backup.exe"C:\Program Files\Windows Journal\Templates\backup.exe" C:\Program Files\Windows Journal\Templates\3⤵
-
-
-
C:\Program Files\Windows Mail\backup.exe"C:\Program Files\Windows Mail\backup.exe" C:\Program Files\Windows Mail\2⤵
-
C:\Program Files\Windows Mail\de-DE\backup.exe"C:\Program Files\Windows Mail\de-DE\backup.exe" C:\Program Files\Windows Mail\de-DE\3⤵
-
-
C:\Program Files\Windows Mail\en-US\update.exe"C:\Program Files\Windows Mail\en-US\update.exe" C:\Program Files\Windows Mail\en-US\3⤵
-
-
C:\Program Files\Windows Mail\es-ES\backup.exe"C:\Program Files\Windows Mail\es-ES\backup.exe" C:\Program Files\Windows Mail\es-ES\3⤵
-
-
C:\Program Files\Windows Mail\fr-FR\backup.exe"C:\Program Files\Windows Mail\fr-FR\backup.exe" C:\Program Files\Windows Mail\fr-FR\3⤵
-
-
C:\Program Files\Windows Mail\it-IT\backup.exe"C:\Program Files\Windows Mail\it-IT\backup.exe" C:\Program Files\Windows Mail\it-IT\3⤵
-
-
C:\Program Files\Windows Mail\ja-JP\backup.exe"C:\Program Files\Windows Mail\ja-JP\backup.exe" C:\Program Files\Windows Mail\ja-JP\3⤵
-
-
-
C:\Program Files\Windows Media Player\backup.exe"C:\Program Files\Windows Media Player\backup.exe" C:\Program Files\Windows Media Player\2⤵
-
-
C:\Program Files\Windows NT\backup.exe"C:\Program Files\Windows NT\backup.exe" C:\Program Files\Windows NT\2⤵
-
C:\Program Files\Windows NT\Accessories\backup.exe"C:\Program Files\Windows NT\Accessories\backup.exe" C:\Program Files\Windows NT\Accessories\3⤵
-
-
C:\Program Files\Windows NT\TableTextService\backup.exe"C:\Program Files\Windows NT\TableTextService\backup.exe" C:\Program Files\Windows NT\TableTextService\3⤵
-
-
-
C:\Program Files\Windows Photo Viewer\backup.exe"C:\Program Files\Windows Photo Viewer\backup.exe" C:\Program Files\Windows Photo Viewer\2⤵
-
-
C:\Program Files\Windows Portable Devices\backup.exe"C:\Program Files\Windows Portable Devices\backup.exe" C:\Program Files\Windows Portable Devices\2⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Windows Sidebar\backup.exe"C:\Program Files\Windows Sidebar\backup.exe" C:\Program Files\Windows Sidebar\2⤵
-
-
C:\PerfLogs\System Restore.exe"C:\PerfLogs\System Restore.exe" C:\PerfLogs\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\1⤵
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\1⤵
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\1⤵
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\1⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\1⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\2⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\2⤵
-
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\2⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\1⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\3⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\2⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\3⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\1⤵
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\1⤵
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\1⤵
-
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\1⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\2⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\1⤵
-
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\1⤵
-
C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\1⤵
-
C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\1⤵
-
C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\1⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD571ddc391d6eddd9744a6536e2bdbace0
SHA119dfd1c8fd12dc4e46929d56ac8fb30b229fd18a
SHA2564e03fc0b63958f6dfaa80a185986147bcd8e2289383d1992c257b963eec2341c
SHA512a53a8dde23e186132304732e836ca5ce3f1deea0335fcc15d5d42beb3dc63b30a4f6fb383206edd7a5bd0ca6525c5895e9a8b1e98732ee333cedf89a8d314b75
-
Filesize
64KB
MD5766dff019a5f3de9b61e9073dc62e049
SHA12a326e4ec4d093705b73f7dfab2225e2e9bc103e
SHA256674fa34912246e2ab98f4a70a8f2090d5b3a3cdb5f962f98f408c91ea764d3a1
SHA51283fad9ed6442bbd642fbb115bdb727560c7b29707afa77e2577711b65b5a5bccd6b057c922eee63cb792ba36470d3e011a4696639e77ea91e0653ab28b343f25
-
Filesize
72KB
MD597c9709543e94be2ea4e239801595100
SHA1af61558746bfa20fe2cff3c033000a6414338f28
SHA256af35c208330dc5883fa561594f2bf0085db4b670af9bcd52c5ddc5c93eaf60c8
SHA5126baeda7ce60a5ee02a819623ead4a85f2a84e0ab60146f971b60b8f58490a059caa01f37cb50cbc5fb8c9b04edd5244b9a00fe04072b9359eb42c07ea4110182
-
Filesize
72KB
MD57d6febc9f86d35c36d67aa6952ecb664
SHA118f705acad3adb2744dfecb3b0db1531d5b55897
SHA25631f281abd14c90e0463d651addd7b96b5bfc987e9c6b214556d2990f2cf24d29
SHA512c90f02600c23ba2cabad05c7633e540bbc24f73487abb5f6c8c6d88295c120af80d9016d0cf52b5b8a6457ffcc2770e026aa36bc2c97c7aa536a00dcef4e2cb1
-
Filesize
72KB
MD5ec00fb4cc36a0365711fdc02a8f16e36
SHA1c0cbd82107c141b6fc7d4b51f51d9f44a32fe144
SHA25634ccbd1156704841352ee49c0808b8ae22076df5aea841502214b61f19f578d8
SHA512c2313a3a58c1a9d373eb1236d467def349f0079fe4029f4c9e9a29686802c59c2fb35b7992c95d0ae572f7cea2c00d705dcf2387781506819b9756f1a5836fac
-
Filesize
72KB
MD5ce027e4dfcf9ed3fe56b21e4824981ce
SHA1fe4e7f1ac2ee1b708239f7f3a2736dadc377b1c5
SHA25625225cbb9e8a7611502d5f7147e0cf6bf8ac36ced327fd8f317d068f9f89bb42
SHA51201279a97ce50cf3f773001cfef420ab6cea7be4d14c51094e76f4019283fded30c7a3de0e4c399bccf82fe82a8627ff36222a8cb7615a8375b1c1b4f48d16a6e
-
Filesize
21KB
MD5f120919574471d77e8b02f589ce9edf4
SHA1e2ae667445d70ae11e8bcecaff886cd5edee27fc
SHA2564b39da0a6e01b1f8198c365f7613d55c211ec2159e478dfabd8916a76b285376
SHA512d6e8c6f46e21eaa0de119d053545a6f1927d3168632d3a86153b3c2742c9536405447d8c6ceb8799bda343058a2d0e4e20ce7d436dabb8ee47df7adc000a9843
-
Filesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
Filesize
72KB
MD598d3e610878d5409b61f75e99ac1b39e
SHA13f784f15ea5a02820aebde987b2e044493e247dc
SHA25690e5909c35894f071bacc779f5f2f2ec12af1a4e395e9754cb15b074d05a7e2b
SHA5129b40e16ccd8bfec442efd5afed57760e1b6c4fa7162251ed33cd3fb8cff28bb58a6ddb7a07de80d16928d3dab082ae5d2081516ae78f403abb34ee67d7063c73
-
Filesize
71KB
MD5f669d169ecf02ea78c2d2a87773d0ba9
SHA13f062a612038b0400d92c04f6410d1bce9d2bf66
SHA25637d359a3c9f61f5465b21a65685dc936f91308ac222fb4db70d86d7ade0f536a
SHA51227fc454ced66f7edce84a28930124af01f2d7ab449b62e837ea2da4f891d67651058a41b4265eb5812a6e9e051713f2dd697569aa1381e48510647e7dd4d2fac
-
Filesize
72KB
MD54b0313bafd7f1c2486bf7d1be0e4aeb4
SHA1cee5eedbd7cf92efcb1d9ea1c4dc324307619238
SHA2560b80033780d24db1ba91819fbc887b2c5b7df9a2bc06c5de4c06463a01308d66
SHA512f36e96da61d8d3a8b5dfc4936721329db3ac2d13ae040cbc59095bfda26139ce7acec30984688437879b953ebc1da0ea59f102baf356301c507f9d7a703c43e0
-
Filesize
4KB