Analysis
-
max time kernel
39s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 22:57
Static task
static1
Behavioral task
behavioral1
Sample
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe
-
Size
72KB
-
MD5
8df12ed52267f11039a4a6840b1f8980
-
SHA1
bc4fb220c40a535773047d62cecce04668a3b5c0
-
SHA256
7b60dc506f5ed070b13737bade5899aa1884d2aaf8626f2e51c10dd5eaa905bf
-
SHA512
90136aac4ab2f734373fb5663de391ed17a8e9335f761f84d73ee97f76dc77600be4683d427f15ef6fcfbe540b037d82876a68bdc25ac7258a7072e366f1286d
-
SSDEEP
384:y6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2I:ypQNwC3BEddsEqOt/hyJF+x3BEJwRrU
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
Processes:
backup.exebackup.exebackup.exedata.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" System Restore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe -
Disables RegEdit via registry modification 64 IoCs
Processes:
backup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exedata.exebackup.exebackup.exebackup.exeupdate.exeSystem Restore.exebackup.exebackup.exebackup.exedata.exeupdate.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedescription ioc process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe -
Executes dropped EXE 64 IoCs
Processes:
backup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exebackup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exepid process 2792 backup.exe 1004 backup.exe 3592 backup.exe 1116 backup.exe 5052 backup.exe 3000 backup.exe 5008 backup.exe 3668 backup.exe 3828 update.exe 1964 backup.exe 2996 backup.exe 2632 backup.exe 804 backup.exe 3336 backup.exe 4084 data.exe 4944 backup.exe 3212 backup.exe 316 backup.exe 2484 System Restore.exe 2712 backup.exe 1612 backup.exe 2824 backup.exe 3520 backup.exe 4964 backup.exe 5068 backup.exe 2856 update.exe 3660 backup.exe 4368 backup.exe 4268 update.exe 3184 backup.exe 4904 backup.exe 3640 backup.exe 636 backup.exe 4992 backup.exe 1380 System Restore.exe 4856 backup.exe 4728 backup.exe 1332 backup.exe 1756 backup.exe 1424 backup.exe 3828 backup.exe 3880 backup.exe 2844 backup.exe 772 backup.exe 2728 backup.exe 4060 backup.exe 2664 backup.exe 1992 backup.exe 864 backup.exe 316 backup.exe 4796 backup.exe 4272 backup.exe 4960 backup.exe 4676 backup.exe 3520 System Restore.exe 2468 backup.exe 324 data.exe 1076 backup.exe 4560 backup.exe 2020 backup.exe 3800 backup.exe 1140 backup.exe 4948 backup.exe 1232 update.exe -
Drops file in Program Files directory 64 IoCs
Processes:
System Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exedata.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedescription ioc process File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe backup.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\backup.exe backup.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\backup.exe System Restore.exe File opened for modification C:\Program Files\Java\jdk-1.8\include\win32\data.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\System Restore.exe backup.exe File opened for modification C:\Program Files\Java\jre-1.8\lib\cmm\backup.exe System Restore.exe File opened for modification C:\Program Files\Microsoft Office\root\loc\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\ado\de-DE\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\backup.exe System Restore.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe backup.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win11\System Restore.exe backup.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\backup.exe backup.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\backup.exe backup.exe File opened for modification C:\Program Files\Microsoft Office\root\Office15\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\backup.exe System Restore.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\update.exe backup.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\backup.exe data.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk-1.8\include\win32\bridge\backup.exe data.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\update.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe data.exe File opened for modification C:\Program Files\Java\jre-1.8\lib\security\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\de-DE\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\backup.exe backup.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Extensions\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\backup.exe System Restore.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\backup.exe backup.exe File opened for modification C:\Program Files\Internet Explorer\it-IT\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\backup.exe System Restore.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\data.exe System Restore.exe File opened for modification C:\Program Files (x86)\Internet Explorer\images\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\System\uk-UA\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\backup.exe backup.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\server\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe backup.exe -
Drops file in Windows directory 64 IoCs
Processes:
backup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedescription ioc process File opened for modification C:\Windows\assembly\GAC_32\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\ISymWrapper\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\update.exe backup.exe File opened for modification C:\Windows\appcompat\encapsulation\backup.exe backup.exe File opened for modification C:\Windows\apppatch\de-DE\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Extensibility\backup.exe backup.exe File opened for modification C:\Windows\assembly\backup.exe backup.exe File opened for modification C:\Windows\appcompat\appraiser\Telemetry\backup.exe data.exe File opened for modification C:\Windows\appcompat\Programs\backup.exe backup.exe File opened for modification C:\Windows\AppReadiness\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\appcompat\appraiser\data.exe backup.exe File opened for modification C:\Windows\apppatch\ja-JP\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe data.exe File opened for modification C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\Microsoft.Ink\System Restore.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Microsoft.mshtml\data.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Data\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Transactions\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.EnterpriseServices\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\backup.exe backup.exe File opened for modification C:\Windows\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\ISymWrapper\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\ADODB\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe System Restore.exe File opened for modification C:\Windows\apppatch\fr-FR\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\backup.exe backup.exe File opened for modification C:\Windows\apppatch\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\MSDATASRC\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Web\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Data.OracleClient\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exe backup.exe File opened for modification C:\Windows\apppatch\it-IT\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\apppatch\AppPatch64\backup.exe backup.exe File opened for modification C:\Windows\apppatch\Custom\update.exe backup.exe File opened for modification C:\Windows\assembly\GAC\stdole\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\mscorlib\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\PresentationCore\backup.exe backup.exe File opened for modification C:\Windows\apppatch\CustomSDB\backup.exe backup.exe File opened for modification C:\Windows\apppatch\en-US\System Restore.exe backup.exe File opened for modification C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_32\srmlib\1.0.0.0__31bf3856ad364e35\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\CustomMarshalers\backup.exe backup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exepid process 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
Processes:
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exebackup.exebackup.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeSystem Restore.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exepid process 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe 2792 backup.exe 1004 backup.exe 3592 backup.exe 1116 backup.exe 5052 backup.exe 3000 backup.exe 5008 backup.exe 3668 backup.exe 3828 update.exe 1964 backup.exe 2996 backup.exe 2632 backup.exe 804 backup.exe 3336 backup.exe 4084 data.exe 4944 backup.exe 3212 backup.exe 316 backup.exe 2484 System Restore.exe 2712 backup.exe 1612 backup.exe 2824 backup.exe 3520 backup.exe 4964 backup.exe 5068 backup.exe 2856 update.exe 3660 backup.exe 4368 backup.exe 4268 update.exe 3184 backup.exe 4904 backup.exe 3640 backup.exe 636 backup.exe 4992 backup.exe 1380 System Restore.exe 4856 backup.exe 4728 backup.exe 1332 backup.exe 1756 backup.exe 1424 backup.exe 3828 backup.exe 3880 backup.exe 2844 backup.exe 772 backup.exe 2728 backup.exe 4060 backup.exe 2664 backup.exe 1992 backup.exe 864 backup.exe 316 backup.exe 4796 backup.exe 4272 backup.exe 4960 backup.exe 4676 backup.exe 3520 System Restore.exe 2468 backup.exe 324 data.exe 4560 backup.exe 1076 backup.exe 2020 backup.exe 3800 backup.exe 1140 backup.exe 4948 backup.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exeupdate.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedescription pid process target process PID 4548 wrote to memory of 2792 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 2792 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 2792 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1004 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1004 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1004 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3592 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3592 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3592 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1116 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1116 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 1116 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5052 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5052 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5052 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3000 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3000 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3000 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5008 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5008 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 5008 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3668 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3668 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3668 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 3828 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe update.exe PID 4548 wrote to memory of 3828 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe update.exe PID 4548 wrote to memory of 3828 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe update.exe PID 3828 wrote to memory of 1964 3828 update.exe backup.exe PID 3828 wrote to memory of 1964 3828 update.exe backup.exe PID 3828 wrote to memory of 1964 3828 update.exe backup.exe PID 1964 wrote to memory of 2996 1964 backup.exe backup.exe PID 1964 wrote to memory of 2996 1964 backup.exe backup.exe PID 1964 wrote to memory of 2996 1964 backup.exe backup.exe PID 4548 wrote to memory of 2632 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 2632 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 4548 wrote to memory of 2632 4548 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe backup.exe PID 2632 wrote to memory of 804 2632 backup.exe backup.exe PID 2632 wrote to memory of 804 2632 backup.exe backup.exe PID 2632 wrote to memory of 804 2632 backup.exe backup.exe PID 804 wrote to memory of 3336 804 backup.exe backup.exe PID 804 wrote to memory of 3336 804 backup.exe backup.exe PID 804 wrote to memory of 3336 804 backup.exe backup.exe PID 3336 wrote to memory of 4084 3336 backup.exe data.exe PID 3336 wrote to memory of 4084 3336 backup.exe data.exe PID 3336 wrote to memory of 4084 3336 backup.exe data.exe PID 2792 wrote to memory of 4944 2792 backup.exe backup.exe PID 2792 wrote to memory of 4944 2792 backup.exe backup.exe PID 2792 wrote to memory of 4944 2792 backup.exe backup.exe PID 3336 wrote to memory of 3212 3336 backup.exe backup.exe PID 3336 wrote to memory of 3212 3336 backup.exe backup.exe PID 3336 wrote to memory of 3212 3336 backup.exe backup.exe PID 4944 wrote to memory of 316 4944 backup.exe backup.exe PID 4944 wrote to memory of 316 4944 backup.exe backup.exe PID 4944 wrote to memory of 316 4944 backup.exe backup.exe PID 3336 wrote to memory of 2484 3336 backup.exe System Restore.exe PID 3336 wrote to memory of 2484 3336 backup.exe System Restore.exe PID 3336 wrote to memory of 2484 3336 backup.exe System Restore.exe PID 4944 wrote to memory of 2712 4944 backup.exe backup.exe PID 4944 wrote to memory of 2712 4944 backup.exe backup.exe PID 4944 wrote to memory of 2712 4944 backup.exe backup.exe PID 3336 wrote to memory of 1612 3336 backup.exe backup.exe PID 3336 wrote to memory of 1612 3336 backup.exe backup.exe PID 3336 wrote to memory of 1612 3336 backup.exe backup.exe PID 2712 wrote to memory of 2824 2712 backup.exe backup.exe -
System policy modification 1 TTPs 64 IoCs
Processes:
backup.exe8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exeSystem Restore.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exedata.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exebackup.exeupdate.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer 8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" System Restore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer update.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8df12ed52267f11039a4a6840b1f8980_NeikiAnalytics.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\{6455400B-3467-4E51-808B-8821A1FE6438}\backup.exeC:\Users\Admin\AppData\Local\Temp\{6455400B-3467-4E51-808B-8821A1FE6438}\backup.exe C:\Users\Admin\AppData\Local\Temp\{6455400B-3467-4E51-808B-8821A1FE6438}\2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\update.exe"C:\Program Files\Common Files\update.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\DESIGNER\backup.exe"C:\Program Files\Common Files\DESIGNER\backup.exe" C:\Program Files\Common Files\DESIGNER\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\backup.exe"C:\Program Files\Common Files\microsoft shared\backup.exe" C:\Program Files\Common Files\microsoft shared\6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe"C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe" C:\Program Files\Common Files\microsoft shared\ClickToRun\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-GB\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-GB\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\es-MX\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\es-MX\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\es-MX\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\et-EE\data.exe"C:\Program Files\Common Files\microsoft shared\ink\et-EE\data.exe" C:\Program Files\Common Files\microsoft shared\ink\et-EE\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-CA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-CA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\9⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\9⤵
-
C:\Program Files\Common Files\microsoft shared\ink\he-IL\System Restore.exe"C:\Program Files\Common Files\microsoft shared\ink\he-IL\System Restore.exe" C:\Program Files\Common Files\microsoft shared\ink\he-IL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hr-HR\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\hu-HU\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\it-IT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ja-JP\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ko-KR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lt-LT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\lv-LV\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nb-NO\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\th-TH\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\ink\tr-TR\update.exe"C:\Program Files\Common Files\microsoft shared\ink\tr-TR\update.exe" C:\Program Files\Common Files\microsoft shared\ink\tr-TR\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\uk-UA\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-CN\8⤵
-
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-TW\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\7⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\backup.exe"C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\7⤵
-
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\8⤵
-
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\data.exe"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\data.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
C:\Program Files\Common Files\microsoft shared\Source Engine\update.exe"C:\Program Files\Common Files\microsoft shared\Source Engine\update.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\7⤵
-
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\7⤵
-
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\8⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\7⤵
-
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\8⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VC\backup.exe"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\7⤵
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VGX\update.exe"C:\Program Files\Common Files\microsoft shared\VGX\update.exe" C:\Program Files\Common Files\microsoft shared\VGX\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\7⤵
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
-
C:\Program Files\Common Files\System\System Restore.exe"C:\Program Files\Common Files\System\System Restore.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\System\Ole DB\de-DE\data.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\data.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
C:\Program Files\Common Files\System\uk-UA\backup.exe"C:\Program Files\Common Files\System\uk-UA\backup.exe" C:\Program Files\Common Files\System\uk-UA\7⤵
-
C:\Program Files\dotnet\backup.exe"C:\Program Files\dotnet\backup.exe" C:\Program Files\dotnet\5⤵
-
C:\Program Files\dotnet\host\backup.exe"C:\Program Files\dotnet\host\backup.exe" C:\Program Files\dotnet\host\6⤵
- System policy modification
-
C:\Program Files\dotnet\host\fxr\backup.exe"C:\Program Files\dotnet\host\fxr\backup.exe" C:\Program Files\dotnet\host\fxr\7⤵
-
C:\Program Files\dotnet\host\fxr\6.0.27\backup.exe"C:\Program Files\dotnet\host\fxr\6.0.27\backup.exe" C:\Program Files\dotnet\host\fxr\6.0.27\8⤵
-
C:\Program Files\dotnet\host\fxr\7.0.16\backup.exe"C:\Program Files\dotnet\host\fxr\7.0.16\backup.exe" C:\Program Files\dotnet\host\fxr\7.0.16\8⤵
-
C:\Program Files\dotnet\host\fxr\8.0.2\backup.exe"C:\Program Files\dotnet\host\fxr\8.0.2\backup.exe" C:\Program Files\dotnet\host\fxr\8.0.2\8⤵
-
C:\Program Files\dotnet\shared\backup.exe"C:\Program Files\dotnet\shared\backup.exe" C:\Program Files\dotnet\shared\6⤵
-
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\backup.exe"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7⤵
-
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\backup.exe"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\8⤵
-
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\data.exe"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\data.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\backup.exe"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\8⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7⤵
- Drops file in Program Files directory
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\8⤵
- Drops file in Program Files directory
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System Restore.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System Restore.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\8⤵
- Drops file in Program Files directory
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\data.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\data.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\9⤵
- System policy modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\8⤵
- Drops file in Program Files directory
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\data.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System Restore.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System Restore.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System Restore.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System Restore.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\update.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\update.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\9⤵
-
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\backup.exe"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\9⤵
-
C:\Program Files\dotnet\swidtag\backup.exe"C:\Program Files\dotnet\swidtag\backup.exe" C:\Program Files\dotnet\swidtag\6⤵
-
C:\Program Files\Google\data.exe"C:\Program Files\Google\data.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\8⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\update.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\update.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\9⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\9⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\9⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\9⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\9⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\10⤵
- System policy modification
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\System Restore.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\System Restore.exe" C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\11⤵
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
C:\Program Files\Internet Explorer\uk-UA\backup.exe"C:\Program Files\Internet Explorer\uk-UA\backup.exe" C:\Program Files\Internet Explorer\uk-UA\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk-1.8\backup.exe"C:\Program Files\Java\jdk-1.8\backup.exe" C:\Program Files\Java\jdk-1.8\6⤵
-
C:\Program Files\Java\jdk-1.8\bin\System Restore.exe"C:\Program Files\Java\jdk-1.8\bin\System Restore.exe" C:\Program Files\Java\jdk-1.8\bin\7⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk-1.8\include\backup.exe"C:\Program Files\Java\jdk-1.8\include\backup.exe" C:\Program Files\Java\jdk-1.8\include\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk-1.8\include\win32\data.exe"C:\Program Files\Java\jdk-1.8\include\win32\data.exe" C:\Program Files\Java\jdk-1.8\include\win32\8⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk-1.8\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk-1.8\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk-1.8\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk-1.8\jre\backup.exe"C:\Program Files\Java\jdk-1.8\jre\backup.exe" C:\Program Files\Java\jdk-1.8\jre\7⤵
-
C:\Program Files\Java\jdk-1.8\jre\bin\backup.exe"C:\Program Files\Java\jdk-1.8\jre\bin\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\bin\server\backup.exe"C:\Program Files\Java\jdk-1.8\jre\bin\server\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\server\9⤵
- System policy modification
-
C:\Program Files\Java\jdk-1.8\jre\legal\backup.exe"C:\Program Files\Java\jdk-1.8\jre\legal\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\8⤵
-
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\backup.exe"C:\Program Files\Java\jdk-1.8\jre\legal\javafx\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\javafx\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\backup.exe"C:\Program Files\Java\jdk-1.8\jre\legal\jdk\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\jdk\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\amd64\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\applet\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\cmm\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\deploy\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\ext\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\fonts\data.exe"C:\Program Files\Java\jdk-1.8\jre\lib\fonts\data.exe" C:\Program Files\Java\jdk-1.8\jre\lib\fonts\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk-1.8\jre\lib\images\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\images\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\images\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\10⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\jfr\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\management\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\management\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\management\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\security\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\security\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\9⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\10⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\11⤵
-
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\backup.exe"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\11⤵
-
C:\Program Files\Java\jdk-1.8\legal\backup.exe"C:\Program Files\Java\jdk-1.8\legal\backup.exe" C:\Program Files\Java\jdk-1.8\legal\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk-1.8\legal\javafx\backup.exe"C:\Program Files\Java\jdk-1.8\legal\javafx\backup.exe" C:\Program Files\Java\jdk-1.8\legal\javafx\8⤵
-
C:\Program Files\Java\jdk-1.8\legal\jdk\backup.exe"C:\Program Files\Java\jdk-1.8\legal\jdk\backup.exe" C:\Program Files\Java\jdk-1.8\legal\jdk\8⤵
-
C:\Program Files\Java\jdk-1.8\lib\backup.exe"C:\Program Files\Java\jdk-1.8\lib\backup.exe" C:\Program Files\Java\jdk-1.8\lib\7⤵
-
C:\Program Files\Java\jre-1.8\backup.exe"C:\Program Files\Java\jre-1.8\backup.exe" C:\Program Files\Java\jre-1.8\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre-1.8\bin\backup.exe"C:\Program Files\Java\jre-1.8\bin\backup.exe" C:\Program Files\Java\jre-1.8\bin\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre-1.8\bin\dtplugin\data.exe"C:\Program Files\Java\jre-1.8\bin\dtplugin\data.exe" C:\Program Files\Java\jre-1.8\bin\dtplugin\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jre-1.8\bin\plugin2\backup.exe"C:\Program Files\Java\jre-1.8\bin\plugin2\backup.exe" C:\Program Files\Java\jre-1.8\bin\plugin2\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre-1.8\bin\server\backup.exe"C:\Program Files\Java\jre-1.8\bin\server\backup.exe" C:\Program Files\Java\jre-1.8\bin\server\8⤵
-
C:\Program Files\Java\jre-1.8\legal\backup.exe"C:\Program Files\Java\jre-1.8\legal\backup.exe" C:\Program Files\Java\jre-1.8\legal\7⤵
-
C:\Program Files\Java\jre-1.8\legal\javafx\backup.exe"C:\Program Files\Java\jre-1.8\legal\javafx\backup.exe" C:\Program Files\Java\jre-1.8\legal\javafx\8⤵
-
C:\Program Files\Java\jre-1.8\legal\jdk\backup.exe"C:\Program Files\Java\jre-1.8\legal\jdk\backup.exe" C:\Program Files\Java\jre-1.8\legal\jdk\8⤵
-
C:\Program Files\Java\jre-1.8\lib\System Restore.exe"C:\Program Files\Java\jre-1.8\lib\System Restore.exe" C:\Program Files\Java\jre-1.8\lib\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre-1.8\lib\amd64\backup.exe"C:\Program Files\Java\jre-1.8\lib\amd64\backup.exe" C:\Program Files\Java\jre-1.8\lib\amd64\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jre-1.8\lib\applet\backup.exe"C:\Program Files\Java\jre-1.8\lib\applet\backup.exe" C:\Program Files\Java\jre-1.8\lib\applet\8⤵
-
C:\Program Files\Java\jre-1.8\lib\cmm\backup.exe"C:\Program Files\Java\jre-1.8\lib\cmm\backup.exe" C:\Program Files\Java\jre-1.8\lib\cmm\8⤵
-
C:\Program Files\Java\jre-1.8\lib\deploy\backup.exe"C:\Program Files\Java\jre-1.8\lib\deploy\backup.exe" C:\Program Files\Java\jre-1.8\lib\deploy\8⤵
-
C:\Program Files\Java\jre-1.8\lib\ext\System Restore.exe"C:\Program Files\Java\jre-1.8\lib\ext\System Restore.exe" C:\Program Files\Java\jre-1.8\lib\ext\8⤵
-
C:\Program Files\Java\jre-1.8\lib\fonts\backup.exe"C:\Program Files\Java\jre-1.8\lib\fonts\backup.exe" C:\Program Files\Java\jre-1.8\lib\fonts\8⤵
-
C:\Program Files\Java\jre-1.8\lib\images\backup.exe"C:\Program Files\Java\jre-1.8\lib\images\backup.exe" C:\Program Files\Java\jre-1.8\lib\images\8⤵
-
C:\Program Files\Java\jre-1.8\lib\images\cursors\backup.exe"C:\Program Files\Java\jre-1.8\lib\images\cursors\backup.exe" C:\Program Files\Java\jre-1.8\lib\images\cursors\9⤵
-
C:\Program Files\Java\jre-1.8\lib\jfr\backup.exe"C:\Program Files\Java\jre-1.8\lib\jfr\backup.exe" C:\Program Files\Java\jre-1.8\lib\jfr\8⤵
-
C:\Program Files\Java\jre-1.8\lib\management\backup.exe"C:\Program Files\Java\jre-1.8\lib\management\backup.exe" C:\Program Files\Java\jre-1.8\lib\management\8⤵
-
C:\Program Files\Java\jre-1.8\lib\security\backup.exe"C:\Program Files\Java\jre-1.8\lib\security\backup.exe" C:\Program Files\Java\jre-1.8\lib\security\8⤵
-
C:\Program Files\Java\jre-1.8\lib\security\policy\update.exe"C:\Program Files\Java\jre-1.8\lib\security\policy\update.exe" C:\Program Files\Java\jre-1.8\lib\security\policy\9⤵
-
C:\Program Files\Java\jre-1.8\lib\security\policy\limited\backup.exe"C:\Program Files\Java\jre-1.8\lib\security\policy\limited\backup.exe" C:\Program Files\Java\jre-1.8\lib\security\policy\limited\10⤵
-
C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\backup.exe"C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\backup.exe" C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre8\backup.exe"C:\Program Files\Java\jre8\backup.exe" C:\Program Files\Java\jre8\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jre8\lib\System Restore.exe"C:\Program Files\Java\jre8\lib\System Restore.exe" C:\Program Files\Java\jre8\lib\7⤵
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Microsoft Office\Office16\backup.exe"C:\Program Files\Microsoft Office\Office16\backup.exe" C:\Program Files\Microsoft Office\Office16\6⤵
-
C:\Program Files\Microsoft Office\PackageManifests\backup.exe"C:\Program Files\Microsoft Office\PackageManifests\backup.exe" C:\Program Files\Microsoft Office\PackageManifests\6⤵
-
C:\Program Files\Microsoft Office\root\backup.exe"C:\Program Files\Microsoft Office\root\backup.exe" C:\Program Files\Microsoft Office\root\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Client\backup.exe"C:\Program Files\Microsoft Office\root\Client\backup.exe" C:\Program Files\Microsoft Office\root\Client\7⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\7⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\8⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\8⤵
-
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\backup.exe" C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\fre\backup.exe"C:\Program Files\Microsoft Office\root\fre\backup.exe" C:\Program Files\Microsoft Office\root\fre\7⤵
-
C:\Program Files\Microsoft Office\root\Integration\backup.exe"C:\Program Files\Microsoft Office\root\Integration\backup.exe" C:\Program Files\Microsoft Office\root\Integration\7⤵
-
C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe"C:\Program Files\Microsoft Office\root\Integration\Addons\backup.exe" C:\Program Files\Microsoft Office\root\Integration\Addons\8⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Licenses\data.exe"C:\Program Files\Microsoft Office\root\Licenses\data.exe" C:\Program Files\Microsoft Office\root\Licenses\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Licenses16\backup.exe"C:\Program Files\Microsoft Office\root\Licenses16\backup.exe" C:\Program Files\Microsoft Office\root\Licenses16\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\loc\backup.exe"C:\Program Files\Microsoft Office\root\loc\backup.exe" C:\Program Files\Microsoft Office\root\loc\7⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office15\backup.exe"C:\Program Files\Microsoft Office\root\Office15\backup.exe" C:\Program Files\Microsoft Office\root\Office15\7⤵
-
C:\Program Files\Microsoft Office\root\Office16\backup.exe"C:\Program Files\Microsoft Office\root\Office16\backup.exe" C:\Program Files\Microsoft Office\root\Office16\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\root\Office16\1033\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\9⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\1036\backup.exe"C:\Program Files\Microsoft Office\root\Office16\1036\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1036\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\3082\backup.exe"C:\Program Files\Microsoft Office\root\Office16\3082\backup.exe" C:\Program Files\Microsoft Office\root\Office16\3082\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\update.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\update.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\10⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\10⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\10⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\10⤵
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\backup.exe"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\11⤵
-
C:\Program Files\Microsoft Office\root\Office16\AugLoop\update.exe"C:\Program Files\Microsoft Office\root\Office16\AugLoop\update.exe" C:\Program Files\Microsoft Office\root\Office16\AugLoop\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Bibliography\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Bibliography\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\BORDERS\update.exe"C:\Program Files\Microsoft Office\root\Office16\BORDERS\update.exe" C:\Program Files\Microsoft Office\root\Office16\BORDERS\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Office16\Configuration\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Configuration\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Configuration\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Document Parts\System Restore.exe"C:\Program Files\Microsoft Office\root\Office16\Document Parts\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\10⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f14\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f14\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f14\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f2\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f2\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f2\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f3\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f3\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f3\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f33\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f33\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f33\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f4\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f4\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f4\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_f7\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_f7\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f7\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\System Restore.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\FPA_w1\backup.exe"C:\Program Files\Microsoft Office\root\Office16\FPA_w1\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_w1\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Library\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Library\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\backup.exe"C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\backup.exe"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\backup.exe"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\backup.exe"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\10⤵
-
C:\Program Files\Microsoft Office\root\Office16\LogoImages\backup.exe"C:\Program Files\Microsoft Office\root\Office16\LogoImages\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LogoImages\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\MEDIA\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MEDIA\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MEDIA\8⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\8⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\data.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\data.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\System Restore.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\9⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\9⤵
- System policy modification
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\update.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\update.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\update.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\update.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\System Restore.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\update.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\update.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\System Restore.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\9⤵
-
C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\backup.exe"C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\9⤵
-
C:\Program Files\Microsoft Office\root\rsod\backup.exe"C:\Program Files\Microsoft Office\root\rsod\backup.exe" C:\Program Files\Microsoft Office\root\rsod\7⤵
-
C:\Program Files\Microsoft Office\root\Templates\backup.exe"C:\Program Files\Microsoft Office\root\Templates\backup.exe" C:\Program Files\Microsoft Office\root\Templates\7⤵
-
C:\Program Files\Microsoft Office\root\Templates\1033\backup.exe"C:\Program Files\Microsoft Office\root\Templates\1033\backup.exe" C:\Program Files\Microsoft Office\root\Templates\1033\8⤵
-
C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\backup.exe"C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\backup.exe" C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\9⤵
-
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\backup.exe"C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\backup.exe" C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\9⤵
-
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\backup.exe"C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\backup.exe" C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\10⤵
-
C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\backup.exe"C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\backup.exe" C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\11⤵
-
C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\backup.exe"C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\backup.exe" C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\8⤵
-
C:\Program Files\Microsoft Office\root\vfs\backup.exe"C:\Program Files\Microsoft Office\root\vfs\backup.exe" C:\Program Files\Microsoft Office\root\vfs\7⤵
-
C:\Program Files\Microsoft Office\root\vfs\Common AppData\data.exe"C:\Program Files\Microsoft Office\root\vfs\Common AppData\data.exe" C:\Program Files\Microsoft Office\root\vfs\Common AppData\8⤵
-
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\9⤵
-
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\10⤵
-
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\11⤵
-
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\9⤵
-
C:\Program Files\Microsoft Office\root\vfs\Fonts\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Fonts\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Fonts\8⤵
-
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\backup.exe"C:\Program Files\Microsoft Office\root\vfs\Fonts\private\backup.exe" C:\Program Files\Microsoft Office\root\vfs\Fonts\private\9⤵
-
C:\Program Files\Microsoft Office\Updates\backup.exe"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\6⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\7⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8⤵
-
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\6839F048-046C-448E-A7D4-484986338EB4\backup.exe"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\6839F048-046C-448E-A7D4-484986338EB4\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\6839F048-046C-448E-A7D4-484986338EB4\9⤵
-
C:\Program Files\Microsoft Office\Updates\Download\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\7⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\8⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\9⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\10⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\11⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\12⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\13⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\14⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\15⤵
-
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\backup.exe"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\6839F048-046C-448E-A7D4-484986338EB4\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\16⤵
-
C:\Program Files\Microsoft Office 15\backup.exe"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\5⤵
-
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\6⤵
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\update.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\update.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\7⤵
-
C:\Program Files\Mozilla Firefox\uninstall\backup.exe"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files\MSBuild\Microsoft\update.exe"C:\Program Files\MSBuild\Microsoft\update.exe" C:\Program Files\MSBuild\Microsoft\6⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\System Restore.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\System Restore.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\7⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵
-
C:\Program Files\MsEdgeCrashpad\backup.exe"C:\Program Files\MsEdgeCrashpad\backup.exe" C:\Program Files\MsEdgeCrashpad\5⤵
-
C:\Program Files\MsEdgeCrashpad\attachments\backup.exe"C:\Program Files\MsEdgeCrashpad\attachments\backup.exe" C:\Program Files\MsEdgeCrashpad\attachments\6⤵
-
C:\Program Files\MsEdgeCrashpad\reports\backup.exe"C:\Program Files\MsEdgeCrashpad\reports\backup.exe" C:\Program Files\MsEdgeCrashpad\reports\6⤵
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
C:\Program Files\Reference Assemblies\Microsoft\data.exe"C:\Program Files\Reference Assemblies\Microsoft\data.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\9⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\9⤵
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\System Restore.exe"C:\Program Files (x86)\Adobe\System Restore.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\6⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\7⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\9⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\11⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\12⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\libs\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\13⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\14⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\11⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\13⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\14⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\13⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\14⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ar-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ar-ae\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\da-dk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\da-dk\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ko-kr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ko-kr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nl-nl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nl-nl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nl-nl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pt-br\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pt-br\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pt-br\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\13⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\14⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\15⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\14⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ar-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ar-ae\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\he-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\he-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\he-il\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\15⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\15⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\15⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\12⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\12⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\12⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\15⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\16⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\16⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\16⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\System Restore.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\16⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\15⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\update.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\9⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\10⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\11⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\data.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\8⤵
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\8⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\10⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\10⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\11⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\data.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\data.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\11⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\12⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\13⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\13⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\System Restore.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\System Restore.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\update.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\13⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\14⤵
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\14⤵
-
C:\Program Files (x86)\Common Files\Java\backup.exe"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\6⤵
-
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VC\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\7⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\8⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\9⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\9⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\9⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\9⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\9⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\data.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\data.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\8⤵
-
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
-
C:\Program Files (x86)\Common Files\Oracle\update.exe"C:\Program Files (x86)\Common Files\Oracle\update.exe" C:\Program Files (x86)\Common Files\Oracle\6⤵
-
C:\Program Files (x86)\Common Files\Oracle\Java\backup.exe"C:\Program Files (x86)\Common Files\Oracle\Java\backup.exe" C:\Program Files (x86)\Common Files\Oracle\Java\7⤵
-
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\backup.exe"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\backup.exe" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\8⤵
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵
-
C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\ado\it-IT\8⤵
-
C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ado\ja-JP\8⤵
-
C:\Program Files (x86)\Common Files\System\de-DE\update.exe"C:\Program Files (x86)\Common Files\System\de-DE\update.exe" C:\Program Files (x86)\Common Files\System\de-DE\7⤵
-
C:\Program Files (x86)\Common Files\System\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵
-
C:\Program Files (x86)\Common Files\System\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\es-ES\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\7⤵
-
C:\Program Files (x86)\Common Files\System\it-IT\update.exe"C:\Program Files (x86)\Common Files\System\it-IT\update.exe" C:\Program Files (x86)\Common Files\System\it-IT\7⤵
-
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\7⤵
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵
-
C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\8⤵
-
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\8⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\data.exe"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\data.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\8⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\8⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\data.exe"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\data.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\8⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\8⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\System\uk-UA\backup.exe"C:\Program Files (x86)\Common Files\System\uk-UA\backup.exe" C:\Program Files (x86)\Common Files\System\uk-UA\7⤵
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\7⤵
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\data.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\data.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\9⤵
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
C:\Program Files (x86)\Google\Update\Install\{125326D0-F6C3-409C-BC6D-35A6D8D3AF5D}\data.exe"C:\Program Files (x86)\Google\Update\Install\{125326D0-F6C3-409C-BC6D-35A6D8D3AF5D}\data.exe" C:\Program Files (x86)\Google\Update\Install\{125326D0-F6C3-409C-BC6D-35A6D8D3AF5D}\8⤵
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
C:\Program Files (x86)\Internet Explorer\images\backup.exe"C:\Program Files (x86)\Internet Explorer\images\backup.exe" C:\Program Files (x86)\Internet Explorer\images\6⤵
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
C:\Program Files (x86)\Internet Explorer\ja-JP\data.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\data.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
- System policy modification
-
C:\Program Files (x86)\Internet Explorer\uk-UA\backup.exe"C:\Program Files (x86)\Internet Explorer\uk-UA\backup.exe" C:\Program Files (x86)\Internet Explorer\uk-UA\6⤵
-
C:\Program Files (x86)\Microsoft\data.exe"C:\Program Files (x86)\Microsoft\data.exe" C:\Program Files (x86)\Microsoft\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\backup.exe"C:\Program Files (x86)\Microsoft\Edge\backup.exe" C:\Program Files (x86)\Microsoft\Edge\6⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\7⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\8⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\BHO\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\BHO\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\BHO\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\copilot_provider_msix\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\copilot_provider_msix\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\copilot_provider_msix\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x64\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x64\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x86\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x86\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\EBWebView\x86\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\edge_feedback\update.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\edge_feedback\update.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\edge_feedback\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Extensions\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Extensions\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Extensions\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\9⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win10\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win10\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win10\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win11\System Restore.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win11\System Restore.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_proxy\win11\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Installer\data.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Installer\data.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Installer\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Locales\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Locales\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Locales\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\MEIPreload\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\MEIPreload\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\MEIPreload\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Notifications\data.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Notifications\data.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\Notifications\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\PdfPreview\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\PdfPreview\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\PdfPreview\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\9⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\copilot_provider_msix\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\copilot_provider_msix\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\copilot_provider_msix\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\edge_feedback\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\edge_feedback\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\edge_feedback\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Extensions\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Extensions\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Extensions\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win10\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win10\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win10\11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win11\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win11\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\identity_proxy\win11\11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Locales\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Locales\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Locales\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\MEIPreload\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\MEIPreload\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\MEIPreload\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Notifications\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Notifications\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Notifications\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\10⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Mu\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Mu\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Mu\11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Sigma\backup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Sigma\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\Trust Protection Lists\Sigma\11⤵
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\3D Objects\backup.exe"C:\Users\Admin\3D Objects\backup.exe" C:\Users\Admin\3D Objects\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
- System policy modification
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- System policy modification
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
C:\Users\Admin\Documents\OneNote Notebooks\backup.exe"C:\Users\Admin\Documents\OneNote Notebooks\backup.exe" C:\Users\Admin\Documents\OneNote Notebooks\7⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\backup.exe"C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\backup.exe" C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\8⤵
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\OneDrive\backup.exeC:\Users\Admin\OneDrive\backup.exe C:\Users\Admin\OneDrive\6⤵
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
C:\Users\Admin\Pictures\Camera Roll\backup.exe"C:\Users\Admin\Pictures\Camera Roll\backup.exe" C:\Users\Admin\Pictures\Camera Roll\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\Pictures\Saved Pictures\backup.exe"C:\Users\Admin\Pictures\Saved Pictures\backup.exe" C:\Users\Admin\Pictures\Saved Pictures\7⤵
-
C:\Users\Admin\Saved Games\update.exe"C:\Users\Admin\Saved Games\update.exe" C:\Users\Admin\Saved Games\6⤵
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
C:\Windows\appcompat\backup.exeC:\Windows\appcompat\backup.exe C:\Windows\appcompat\5⤵
- Drops file in Windows directory
-
C:\Windows\appcompat\appraiser\data.exeC:\Windows\appcompat\appraiser\data.exe C:\Windows\appcompat\appraiser\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\appcompat\appraiser\Telemetry\backup.exeC:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\7⤵
-
C:\Windows\appcompat\encapsulation\backup.exeC:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\6⤵
-
C:\Windows\appcompat\Programs\backup.exeC:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\6⤵
-
C:\Windows\apppatch\backup.exeC:\Windows\apppatch\backup.exe C:\Windows\apppatch\5⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\apppatch\AppPatch64\backup.exeC:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\6⤵
- System policy modification
-
C:\Windows\apppatch\Custom\update.exeC:\Windows\apppatch\Custom\update.exe C:\Windows\apppatch\Custom\6⤵
-
C:\Windows\apppatch\Custom\Custom64\System Restore.exe"C:\Windows\apppatch\Custom\Custom64\System Restore.exe" C:\Windows\apppatch\Custom\Custom64\7⤵
-
C:\Windows\apppatch\CustomSDB\backup.exeC:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\6⤵
-
C:\Windows\apppatch\de-DE\backup.exeC:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\6⤵
-
C:\Windows\apppatch\en-US\System Restore.exe"C:\Windows\apppatch\en-US\System Restore.exe" C:\Windows\apppatch\en-US\6⤵
-
C:\Windows\apppatch\es-ES\backup.exeC:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\6⤵
-
C:\Windows\apppatch\fr-FR\backup.exeC:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\6⤵
-
C:\Windows\apppatch\it-IT\backup.exeC:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\6⤵
-
C:\Windows\apppatch\ja-JP\backup.exeC:\Windows\apppatch\ja-JP\backup.exe C:\Windows\apppatch\ja-JP\6⤵
-
C:\Windows\AppReadiness\backup.exeC:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\5⤵
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\Microsoft.mshtml\data.exeC:\Windows\assembly\GAC\Microsoft.mshtml\data.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe"C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe" C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\mscomctl\backup.exeC:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC\MSDATASRC\backup.exeC:\Windows\assembly\GAC\MSDATASRC\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC\stdole\backup.exeC:\Windows\assembly\GAC\stdole\backup.exe C:\Windows\assembly\GAC\stdole\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
- System policy modification
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\System Restore.exe"C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\System Restore.exe" C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_32\MSBuild\backup.exeC:\Windows\assembly\GAC_32\MSBuild\backup.exe C:\Windows\assembly\GAC_32\MSBuild\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\mscorlib\backup.exeC:\Windows\assembly\GAC_32\mscorlib\backup.exe C:\Windows\assembly\GAC_32\mscorlib\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_32\PresentationCore\backup.exeC:\Windows\assembly\GAC_32\PresentationCore\backup.exe C:\Windows\assembly\GAC_32\PresentationCore\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\8⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\GAC_32\srmlib\backup.exeC:\Windows\assembly\GAC_32\srmlib\backup.exe C:\Windows\assembly\GAC_32\srmlib\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\srmlib\1.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\srmlib\1.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\srmlib\1.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_32\System.Data\backup.exeC:\Windows\assembly\GAC_32\System.Data\backup.exe C:\Windows\assembly\GAC_32\System.Data\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_32\System.Data.OracleClient\backup.exeC:\Windows\assembly\GAC_32\System.Data.OracleClient\backup.exe C:\Windows\assembly\GAC_32\System.Data.OracleClient\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_32\System.EnterpriseServices\backup.exeC:\Windows\assembly\GAC_32\System.EnterpriseServices\backup.exe C:\Windows\assembly\GAC_32\System.EnterpriseServices\7⤵
-
C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System Restore.exe"C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System Restore.exe" C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_32\System.Printing\backup.exeC:\Windows\assembly\GAC_32\System.Printing\backup.exe C:\Windows\assembly\GAC_32\System.Printing\7⤵
-
C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_32\System.Transactions\backup.exeC:\Windows\assembly\GAC_32\System.Transactions\backup.exe C:\Windows\assembly\GAC_32\System.Transactions\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_32\System.Web\backup.exeC:\Windows\assembly\GAC_32\System.Web\backup.exe C:\Windows\assembly\GAC_32\System.Web\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_64\backup.exeC:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\update.exeC:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\update.exe C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
- System policy modification
-
C:\Windows\assembly\GAC_64\Microsoft.Ink\System Restore.exe"C:\Windows\assembly\GAC_64\Microsoft.Ink\System Restore.exe" C:\Windows\assembly\GAC_64\Microsoft.Ink\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\7⤵
-
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_64\MSBuild\backup.exeC:\Windows\assembly\GAC_64\MSBuild\backup.exe C:\Windows\assembly\GAC_64\MSBuild\7⤵
-
C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\8⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\GAC_64\mscorlib\backup.exeC:\Windows\assembly\GAC_64\mscorlib\backup.exe C:\Windows\assembly\GAC_64\mscorlib\7⤵
-
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_64\PresentationCore\backup.exeC:\Windows\assembly\GAC_64\PresentationCore\backup.exe C:\Windows\assembly\GAC_64\PresentationCore\7⤵
-
C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_64\srmlib\backup.exeC:\Windows\assembly\GAC_64\srmlib\backup.exe C:\Windows\assembly\GAC_64\srmlib\7⤵
-
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\update.exeC:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\update.exe C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_64\System.Data\backup.exeC:\Windows\assembly\GAC_64\System.Data\backup.exe C:\Windows\assembly\GAC_64\System.Data\7⤵
-
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_64\System.Data.OracleClient\backup.exeC:\Windows\assembly\GAC_64\System.Data.OracleClient\backup.exe C:\Windows\assembly\GAC_64\System.Data.OracleClient\7⤵
-
C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exeC:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\8⤵
-
C:\Windows\assembly\GAC_64\System.EnterpriseServices\backup.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\backup.exe C:\Windows\assembly\GAC_64\System.EnterpriseServices\7⤵
-
C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
C:\Windows\assembly\GAC_64\System.Printing\System Restore.exe"C:\Windows\assembly\GAC_64\System.Printing\System Restore.exe" C:\Windows\assembly\GAC_64\System.Printing\7⤵
-
C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\8⤵
-
C:\Windows\assembly\GAC_64\System.Transactions\backup.exeC:\Windows\assembly\GAC_64\System.Transactions\backup.exe C:\Windows\assembly\GAC_64\System.Transactions\7⤵
-
C:\Windows\bcastdvr\backup.exeC:\Windows\bcastdvr\backup.exe C:\Windows\bcastdvr\5⤵
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
-
C:\Windows\Branding\Basebrd\de-DE\backup.exeC:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\7⤵
-
C:\Windows\Branding\Basebrd\en-US\backup.exeC:\Windows\Branding\Basebrd\en-US\backup.exe C:\Windows\Branding\Basebrd\en-US\7⤵
-
C:\Windows\Branding\Basebrd\es-ES\backup.exeC:\Windows\Branding\Basebrd\es-ES\backup.exe C:\Windows\Branding\Basebrd\es-ES\7⤵
-
C:\Windows\Branding\Basebrd\fr-FR\backup.exeC:\Windows\Branding\Basebrd\fr-FR\backup.exe C:\Windows\Branding\Basebrd\fr-FR\7⤵
-
C:\Windows\Branding\Basebrd\it-IT\backup.exeC:\Windows\Branding\Basebrd\it-IT\backup.exe C:\Windows\Branding\Basebrd\it-IT\7⤵
-
C:\Windows\Branding\Basebrd\ja-JP\backup.exeC:\Windows\Branding\Basebrd\ja-JP\backup.exe C:\Windows\Branding\Basebrd\ja-JP\7⤵
-
C:\Windows\Branding\Basebrd\uk-UA\backup.exeC:\Windows\Branding\Basebrd\uk-UA\backup.exe C:\Windows\Branding\Basebrd\uk-UA\7⤵
-
C:\Windows\Branding\shellbrd\backup.exeC:\Windows\Branding\shellbrd\backup.exe C:\Windows\Branding\shellbrd\6⤵
-
C:\Windows\CbsTemp\backup.exeC:\Windows\CbsTemp\backup.exe C:\Windows\CbsTemp\5⤵
-
C:\Users\Admin\AppData\Local\Temp\2588116090\backup.exeC:\Users\Admin\AppData\Local\Temp\2588116090\backup.exe C:\Users\Admin\AppData\Local\Temp\2588116090\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exeC:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\OneNote\update.exeC:\Users\Admin\AppData\Local\Temp\OneNote\update.exe C:\Users\Admin\AppData\Local\Temp\OneNote\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\backup.exeC:\Users\Admin\AppData\Local\Temp\OneNote\16.0\backup.exe C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\Exported\backup.exeC:\Users\Admin\AppData\Local\Temp\OneNote\16.0\Exported\backup.exe C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\Exported\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\af\data.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\af\data.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\af\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\am\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\am\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\am\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ar\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ar\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ar\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\az\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\az\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\az\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\be\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\be\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\be\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bg\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bg\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bg\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bn\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bn\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\bn\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ca\update.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ca\update.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ca\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cs\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cs\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cs\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cy\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cy\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\cy\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\da\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\da\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\da\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\de\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\de\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\de\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\el\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\el\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\el\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_CA\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_CA\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_CA\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_GB\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_GB\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_GB\5⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_US\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_US\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\en_US\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es_419\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es_419\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\es_419\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\et\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\et\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\et\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\eu\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\eu\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\eu\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fa\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fa\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fa\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fi\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fi\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fi\5⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fil\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fil\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fil\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr_CA\update.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr_CA\update.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\fr_CA\5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gl\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gl\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gl\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gu\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gu\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\gu\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hi\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hi\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hi\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hr\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hr\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hr\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hu\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hu\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hu\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hy\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hy\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\hy\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\id\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\id\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\id\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\is\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\is\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\is\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\it\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\it\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\it\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\iw\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\iw\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\iw\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ja\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ja\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ja\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ka\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ka\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ka\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kk\update.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kk\update.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kk\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\km\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\km\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\km\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kn\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kn\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\kn\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ko\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ko\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ko\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lo\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lo\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lo\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lt\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lt\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lt\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lv\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lv\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\lv\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ml\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ml\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ml\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mn\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mn\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mn\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mr\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mr\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\mr\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ms\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ms\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ms\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\my\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\my\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\my\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ne\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ne\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ne\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\nl\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\nl\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\nl\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\no\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\no\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\no\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pa\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pa\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pa\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pl\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pl\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pl\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_BR\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_BR\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_BR\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_PT\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_PT\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\pt_PT\5⤵
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ro\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ro\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ro\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ru\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ru\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ru\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\si\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\si\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\si\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sk\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sk\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sk\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sl\data.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sl\data.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sl\5⤵
- Disables RegEdit via registry modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sr\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sr\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sr\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sv\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sv\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sv\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sw\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sw\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\sw\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ta\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ta\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ta\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\te\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\te\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\te\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\th\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\th\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\th\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\tr\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\tr\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\tr\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\uk\update.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\uk\update.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\uk\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ur\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ur\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ur\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\vi\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\vi\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\vi\5⤵
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_CN\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_CN\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_CN\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_HK\update.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_HK\update.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_HK\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_TW\backup.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_TW\backup.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zh_TW\5⤵
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zu\data.exeC:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zu\data.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\zu\5⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\7-Zip\Lang\backup.exeFilesize
72KB
MD501d40f39632cad1a2cc979112a6b173e
SHA18db7380e04ca1eecf67e467c3e59783d02fd43ac
SHA2560a3ed00c6c5121746ed8af579363f9dc5d2e7811a5d328cb61f7344b23e42cba
SHA5125972003bb287103ee53350b80fe60c404c5bf862bdfe5ccba85c1e11990822e5f7042dab2338832e71040976b419e94083c687c6171c31fa79593a765de7f790
-
C:\Program Files\7-Zip\backup.exeFilesize
72KB
MD5f7711a95d2c94eb0c59e88800ba824d5
SHA18556ab306c0effe9ca1b65df99fefccc452c70c0
SHA256ae7c0c213d816f177c440de79018fe00c2e5b6443aba76d89529d1c420b20aa9
SHA51228908d6d0789cb534072a5c4fa74cd6c911bd1e4800668171088a4a9f16a534b4a0f1830cddb0168734d98e58c17f121115465a6a575557d2aa46ac7523db42f
-
C:\Program Files\Common Files\DESIGNER\backup.exeFilesize
72KB
MD53909a20ded04b9b302ac76f979019c26
SHA193e2802edaa1a2376c17697188e83eb6022f7f10
SHA2565e99c5672603f0dad987d40488bf177818f6f97d454b8472606f7bf4d08e936f
SHA512b032b1878cf3e7a83c4cc21ffbebf693abfcabbd97478ee71ccd8d74e7934b4581572eba5ee4cee1f81f8a9afe658282877f058d8fc2b631189d617334930ec3
-
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exeFilesize
72KB
MD5663252415b2f54b5077fa2a3517eeb4d
SHA12b07ee012409b172423af9c1e6fb96ed1b9a638f
SHA2566e1e60a3797f58a3b17c797af8105e106d2101dc1e4785dbb06f071b2ba25967
SHA51275178562bc5db544ba3b499fe0746bdc10c49d466e9364a9433681e2f329ffc2d88e45f61c2c87fca6f570a00dbb96558d9659a4eaae03f84afe10504741266e
-
C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\Exported\backup.exeFilesize
72KB
MD581879ff24179f55a0217361827fc2d35
SHA1f745ec62f84c711e292cba78f3a503cd093f7670
SHA256c3ccf430bc625c90fcc0911e67c7d45db61898a8eadb8561d823e3c811d3e531
SHA512193b0f03be5fc582253e3e069b06763b5fae382ecc6a8903b26fc157d6ba183d1805ef8a22ea9fae68497a8d43183f8a5a913439e3974ea27ba000646ef2503a
-
C:\Users\Admin\AppData\Local\Temp\OneNote\16.0\backup.exeFilesize
72KB
MD53afced433f30ef764a1d90aef49462bc
SHA173a71cc19091112f078531208e4e9cfdbe657738
SHA256fa74f0feb12385ddfdb1f3fa4c7683a4548e91b330ec046629750e8037ffe0c5
SHA51224fd000af44a5657445177e6e72a2bf23c573769310941e240639586303f6b573ec3cd2bce0fa68ef809537efa009346e9cd534c0c787043336a9bb1a1725eb3
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\af\data.exeFilesize
72KB
MD50382766c536632273575e50c96d103dd
SHA1c44dfc2f4d2b062efd3b93bba71639db4dd31de1
SHA2568fe7be799f4982d29cf0ae0117747d384765b093779ea376abf511b50659cb8d
SHA512694e4999fcc1ba725aa279fe7e643dc1ad457b90280556e997f1d04a806cf4b43f916caacc30ac74a11e0328bccc100916d3368e81985b3e618ef62b039b3a43
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\backup.exeFilesize
72KB
MD5b6831ac14d0ed2cb2df3b342f5c05da6
SHA19f8528725f8a3c79bf2deb19065362271cd59f43
SHA25633497c59020c2b4fd6a72a27a9f0caf6acecc57b3f253a5f80968d937b1eb10c
SHA5125933e8dedaf2a4392bdd60bcb7ca4cd230960001edc70adbbcdc481a609dc45dfaa618db2f2eb0e71313911dd7e2befd62bc1003263a356d6a90e1f546a4c693
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\_locales\ca\update.exeFilesize
72KB
MD53dc4ba5417780b49261e089dcf4caf5a
SHA133401a35ddf5adb885493d2aca76ddddad3ab13b
SHA25677289d7c8a9cd919ee5cc02cb60104c953392df747377f40decc2052ba0796ea
SHA512cc509f0e744afc93f2fb697776a2082143ef721dfa5df49d1177e2ac6360bf86203ab370ff8c7f9597423aec813939735da443eb57cf2482f911c7a95992f6c3
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\CRX_INSTALL\backup.exeFilesize
72KB
MD5a62d8f40b2692e37726194894fb87a82
SHA11ed9e705468b86246d491f79b45c4e51f49f163c
SHA25691e45cccd32308f26e489e70915c89796825b43a66ae9f08599a103bacc3cebf
SHA512281032e019937f7cd416b128642f65909275088089b577941ffff885952d5f0a586541fd1cdc42cbaf1e12bdf66b5fdac6345899526b588fd5fb0427b4622c54
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir3736_1391798296\backup.exeFilesize
72KB
MD512b7b576396333cca8ace832dded1521
SHA1498ff5ab4471e56df93a9dd179452b656f16a6ec
SHA25609490291a1ad9a57e0a3967ac8e756680ad20b8651d2f6acdbbb0d0d2df09a8a
SHA512a956a41d67386bf84db584f8a6a970415c6c6e1f45dedec9d4339a74dde51250002b6cd16d90e8f4e393feb9080cd3e9f6cdf65cd2c8a95ba37c2879efd1728b
-
C:\Users\Admin\AppData\Local\Temp\temp.zipFilesize
20KB
MD5066d6df1b3202783d6d359efb3ade3a1
SHA1eff6caadf97c1d827ef19953647af11ca319f7b0
SHA25609bc332d5d8d591ee98f8e3a14519edae2f86d451ec1a6299c01098189366037
SHA5128bdd2bb5804157ca4fd970383d34ff4d049f63b355f08642d30dfdae4cb1fc947f3716f115a4db76639e2dc21212e570444db891123811bdb1b95366a2af42b1
-
C:\Users\Admin\AppData\Local\Temp\temp.zipFilesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
C:\Users\Admin\AppData\Local\Temp\{6455400B-3467-4E51-808B-8821A1FE6438}\backup.exeFilesize
72KB
MD523f2cfd558d502ede310e45ecd96534b
SHA17733b04971b071a8aba9fd4c2bccdba3c4dce6ac
SHA2563bdacaad9528c226988d7f3cca1c067fb081086f4cda72a869b4b2f985bf4fc0
SHA512e3bd9f1770eb536f88c878e29872c37d5343019a59b97bf2e34d9afe0dcc3b5bd6891ff3427ed7c4810d3ba01672197a43b1fc9578c5c87cfe39610e393582fe