Analysis
-
max time kernel
106s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
13-06-2024 02:46
Static task
static1
Behavioral task
behavioral1
Sample
5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe
-
Size
72KB
-
MD5
5842ffeece1082111cf04efcd2053a70
-
SHA1
29f0177c4741bac3320335b1632f068249878d0a
-
SHA256
b81da6df26147f80b7691e099d06b7165f4805e682defbc69f1c284bc939cd66
-
SHA512
99f5821c74861ab27c52283f72885cdad53d5a572d59e5b8094fb17271f44577edc958d1e0f3ae83e9da141af9c40e385be02e205c564181c28bb834df248ffa
-
SSDEEP
384:y6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2J:ypQNwC3BEddsEqOt/hyJF+x3BEJwRrl
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" update.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" Process not Found -
Disables RegEdit via registry modification 64 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" data.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" System Restore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found -
Executes dropped EXE 64 IoCs
pid Process 108 backup.exe 1872 backup.exe 2212 backup.exe 2628 backup.exe 2588 backup.exe 2664 System Restore.exe 2756 backup.exe 2912 backup.exe 112 backup.exe 1588 backup.exe 1548 backup.exe 1604 backup.exe 856 backup.exe 2764 backup.exe 2768 backup.exe 2772 backup.exe 1916 backup.exe 320 backup.exe 1724 backup.exe 3048 backup.exe 1096 backup.exe 2252 update.exe 1688 backup.exe 340 backup.exe 272 backup.exe 888 backup.exe 968 update.exe 2156 backup.exe 1772 backup.exe 2052 backup.exe 1640 backup.exe 756 backup.exe 2972 backup.exe 1520 backup.exe 2728 backup.exe 1936 backup.exe 3012 backup.exe 2644 backup.exe 2628 backup.exe 2448 backup.exe 2604 backup.exe 2464 backup.exe 2756 update.exe 2472 backup.exe 2440 backup.exe 2920 backup.exe 1396 backup.exe 1848 data.exe 2368 backup.exe 2404 backup.exe 2624 backup.exe 1584 backup.exe 2752 backup.exe 2864 backup.exe 2788 data.exe 2480 backup.exe 1988 backup.exe 996 backup.exe 320 update.exe 1136 backup.exe 2124 backup.exe 2088 backup.exe 1852 backup.exe 1880 backup.exe -
Loads dropped DLL 64 IoCs
pid Process 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 2912 backup.exe 2912 backup.exe 112 backup.exe 112 backup.exe 2912 backup.exe 2912 backup.exe 1548 backup.exe 1548 backup.exe 1604 backup.exe 1604 backup.exe 1548 backup.exe 1548 backup.exe 2764 backup.exe 2764 backup.exe 2768 backup.exe 2768 backup.exe 2768 backup.exe 2768 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 2252 update.exe 2252 update.exe 2252 update.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 968 update.exe 968 update.exe 968 update.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1916 backup.exe 1772 backup.exe 1772 backup.exe 1772 backup.exe 1772 backup.exe -
Drops file in System32 directory 21 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\040C\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\bg-BG\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\System Restore.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\en-US\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\es-ES\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\it-IT\data.exe Process not Found File opened for modification C:\Windows\SysWOW64\backup.exe backup.exe File opened for modification C:\Windows\SysWOW64\0C0A\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\config\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\0411\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\AdvancedInstallers\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\catroot\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\catroot2\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\de-DE\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\ja-JP\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\0407\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\0409\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\0410\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\ar-SA\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\dmp\backup.exe Process not Found File opened for modification C:\Windows\SysWOW64\com\fr-FR\backup.exe Process not Found -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\backup.exe Process not Found File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\data.exe Process not Found File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\backup.exe Process not Found File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\backup.exe backup.exe File opened for modification C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Sync Framework\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Windows Media Player\fr-FR\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Windows Photo Viewer\backup.exe backup.exe File opened for modification C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\backup.exe update.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\backup.exe Process not Found File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe update.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1033\data.exe Process not Found File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\backup.exe Process not Found File opened for modification C:\Program Files\Common Files\backup.exe backup.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\System Restore.exe backup.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\co\backup.exe update.exe File opened for modification C:\Program Files (x86)\Common Files\System\msadc\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe backup.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe update.exe File opened for modification C:\Program Files\Java\jre7\lib\amd64\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\backup.exe Process not Found File opened for modification C:\Program Files\Windows Photo Viewer\backup.exe backup.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\System Restore.exe Process not Found File opened for modification C:\Program Files\VideoLAN\VLC\locale\ga\update.exe update.exe File opened for modification C:\Program Files (x86)\Windows Mail\es-ES\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\backup.exe Process not Found File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe backup.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\backup.exe update.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\backup.exe Process not Found File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\de-DE\data.exe Process not Found File opened for modification C:\Program Files\Windows Media Player\Network Sharing\backup.exe Process not Found File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\System\fr-FR\backup.exe backup.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Internet Explorer\en-US\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\backup.exe Process not Found File opened for modification C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe backup.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\br\backup.exe update.exe File opened for modification C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\backup.exe Process not Found File opened for modification C:\Program Files\Common Files\System\en-US\backup.exe backup.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe backup.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\extensions\backup.exe Process not Found File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\backup.exe Process not Found File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\backup.exe Process not Found -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\inf\ServiceModelService 3.0.0.0\0411\backup.exe Process not Found File opened for modification C:\Windows\inf\TermService\0410\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\backup.exe Process not Found File opened for modification C:\Windows\Branding\Basebrd\en-US\backup.exe Process not Found File opened for modification C:\Windows\Logs\backup.exe backup.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\de\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe backup.exe File opened for modification C:\Windows\inf\aspnet_state\0013\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\backup.exe Process not Found File opened for modification C:\Windows\Resources\Themes\Aero\Shell\NormalColor\it-IT\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\de-DE\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_32\mscorlib\System Restore.exe backup.exe File opened for modification C:\Windows\inf\PNRPSvc\0000\backup.exe Process not Found File opened for modification C:\Windows\inf\SMSvcHost 4.0.0.0\0006\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\data.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dfb5532e4cf07b7324280988a3e1cca4\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\backup.exe Process not Found File opened for modification C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0409\backup.exe Process not Found File opened for modification C:\Windows\ehome\de-DE\backup.exe Process not Found File opened for modification C:\Windows\inf\ASP.NET\000C\backup.exe Process not Found File opened for modification C:\Windows\inf\PERFLIB\0000\backup.exe Process not Found File opened for modification C:\Windows\Resources\Themes\Aero\Shell\NormalColor\fr-FR\System Restore.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Acti2661942e#\84846480d6281bf831a97d07f712d09e\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\it\backup.exe Process not Found File opened for modification C:\Windows\Downloaded Program Files\backup.exe backup.exe File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_64\System.Printing\System Restore.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_32\backup.exe Process not Found File opened for modification C:\Windows\inf\SMSvcHost 3.0.0.0\0000\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Security.#\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_32\mcstoredb\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\3.0.0.0_de_b03f5f7f11d50a3a\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\b204998e0b878089f7fd625612a35dfa\backup.exe Process not Found File opened for modification C:\Windows\DigitalLocker\backup.exe backup.exe File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\3082\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_32\BDATunePIA\backup.exe backup.exe File opened for modification C:\Windows\assembly\GAC_64\System.Transactions\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\a04be0cabc675da23c6cdd970b50e3c5\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework64\backup.exe Process not Found File opened for modification C:\Windows\schemas\EAPMethods\backup.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\de\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\backup.exe Process not Found File opened for modification C:\Windows\DigitalLocker\es-ES\backup.exe Process not Found File opened for modification C:\Windows\inf\TAPISRV\040C\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\backup.exe Process not Found File opened for modification C:\Windows\inf\TermService\0000\data.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\backup.exe Process not Found File opened for modification C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\040C\update.exe Process not Found File opened for modification C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\System Restore.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\backup.exe Process not Found File opened for modification C:\Windows\inf\ESENT\040C\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\09ca6fe45ec9d8c535413b0dfa7d2075\backup.exe Process not Found File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\update.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\74c8f5e75ec10458436bb476c2cfd9fc\backup.exe Process not Found File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\e251e07a65ea3f2a157796a054971e60\backup.exe Process not Found -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 108 backup.exe 1872 backup.exe 2212 backup.exe 2628 backup.exe 2588 backup.exe 2664 System Restore.exe 2756 backup.exe 2912 backup.exe 112 backup.exe 1588 backup.exe 1548 backup.exe 1604 backup.exe 856 backup.exe 2764 backup.exe 2768 backup.exe 2772 backup.exe 1916 backup.exe 320 backup.exe 1724 backup.exe 3048 backup.exe 1096 backup.exe 2252 update.exe 1688 backup.exe 340 backup.exe 272 backup.exe 888 backup.exe 968 update.exe 2156 backup.exe 1772 backup.exe 2052 backup.exe 1640 backup.exe 756 backup.exe 2972 backup.exe 1520 backup.exe 2728 backup.exe 1936 backup.exe 3012 backup.exe 2644 backup.exe 2628 backup.exe 2448 backup.exe 2604 backup.exe 2464 backup.exe 2756 update.exe 2472 backup.exe 2440 backup.exe 2920 backup.exe 1396 backup.exe 1848 data.exe 2368 backup.exe 2404 backup.exe 2624 backup.exe 1584 backup.exe 2752 backup.exe 2864 backup.exe 2788 data.exe 2480 backup.exe 1988 backup.exe 996 backup.exe 320 update.exe 1136 backup.exe 2124 backup.exe 2088 backup.exe 1852 backup.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2868 wrote to memory of 108 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 108 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 108 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 108 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 28 PID 2868 wrote to memory of 1872 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 29 PID 2868 wrote to memory of 1872 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 29 PID 2868 wrote to memory of 1872 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 29 PID 2868 wrote to memory of 1872 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 29 PID 2868 wrote to memory of 2212 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2212 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2212 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2212 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 30 PID 2868 wrote to memory of 2628 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2628 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2628 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2628 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 31 PID 2868 wrote to memory of 2588 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 32 PID 2868 wrote to memory of 2588 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 32 PID 2868 wrote to memory of 2588 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 32 PID 2868 wrote to memory of 2588 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 32 PID 2868 wrote to memory of 2664 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 33 PID 2868 wrote to memory of 2664 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 33 PID 2868 wrote to memory of 2664 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 33 PID 2868 wrote to memory of 2664 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 33 PID 2868 wrote to memory of 2756 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 34 PID 2868 wrote to memory of 2756 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 34 PID 2868 wrote to memory of 2756 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 34 PID 2868 wrote to memory of 2756 2868 5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe 34 PID 108 wrote to memory of 2912 108 backup.exe 35 PID 108 wrote to memory of 2912 108 backup.exe 35 PID 108 wrote to memory of 2912 108 backup.exe 35 PID 108 wrote to memory of 2912 108 backup.exe 35 PID 2912 wrote to memory of 112 2912 backup.exe 36 PID 2912 wrote to memory of 112 2912 backup.exe 36 PID 2912 wrote to memory of 112 2912 backup.exe 36 PID 2912 wrote to memory of 112 2912 backup.exe 36 PID 112 wrote to memory of 1588 112 backup.exe 37 PID 112 wrote to memory of 1588 112 backup.exe 37 PID 112 wrote to memory of 1588 112 backup.exe 37 PID 112 wrote to memory of 1588 112 backup.exe 37 PID 2912 wrote to memory of 1548 2912 backup.exe 38 PID 2912 wrote to memory of 1548 2912 backup.exe 38 PID 2912 wrote to memory of 1548 2912 backup.exe 38 PID 2912 wrote to memory of 1548 2912 backup.exe 38 PID 1548 wrote to memory of 1604 1548 backup.exe 39 PID 1548 wrote to memory of 1604 1548 backup.exe 39 PID 1548 wrote to memory of 1604 1548 backup.exe 39 PID 1548 wrote to memory of 1604 1548 backup.exe 39 PID 1604 wrote to memory of 856 1604 backup.exe 40 PID 1604 wrote to memory of 856 1604 backup.exe 40 PID 1604 wrote to memory of 856 1604 backup.exe 40 PID 1604 wrote to memory of 856 1604 backup.exe 40 PID 1548 wrote to memory of 2764 1548 backup.exe 41 PID 1548 wrote to memory of 2764 1548 backup.exe 41 PID 1548 wrote to memory of 2764 1548 backup.exe 41 PID 1548 wrote to memory of 2764 1548 backup.exe 41 PID 2764 wrote to memory of 2768 2764 backup.exe 42 PID 2764 wrote to memory of 2768 2764 backup.exe 42 PID 2764 wrote to memory of 2768 2764 backup.exe 42 PID 2764 wrote to memory of 2768 2764 backup.exe 42 PID 2768 wrote to memory of 2772 2768 backup.exe 43 PID 2768 wrote to memory of 2772 2768 backup.exe 43 PID 2768 wrote to memory of 2772 2768 backup.exe 43 PID 2768 wrote to memory of 2772 2768 backup.exe 43 -
System policy modification 1 TTPs 64 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System System Restore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer backup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer update.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Process not Found
Processes
-
C:\Users\Admin\AppData\Local\Temp\5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5842ffeece1082111cf04efcd2053a70_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\2259513146\backup.exeC:\Users\Admin\AppData\Local\Temp\2259513146\backup.exe C:\Users\Admin\AppData\Local\Temp\2259513146\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:108 -
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112 -
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1604 -
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1916 -
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2252
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:968
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1772 -
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Executes dropped EXE
PID:1880 -
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵PID:1776
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\update.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\update.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵PID:2540
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵PID:840
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵PID:2224
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵PID:2396
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵PID:1984
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵PID:552
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵PID:1992
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵PID:1464
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵PID:2980
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵PID:1516
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵PID:2192
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
- Disables RegEdit via registry modification
PID:3068
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵PID:2672
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵PID:2656
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵PID:2808
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵PID:2560
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
PID:2664 -
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
- System policy modification
PID:2612
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵PID:2168
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵PID:2908
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵PID:1236
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵PID:2240
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵PID:1256
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\VC\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵PID:2184
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\update.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\update.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- System policy modification
PID:2164
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\update.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\update.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵PID:1016
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵PID:1496
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵PID:2180
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵PID:2044
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵PID:2016
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵PID:2888
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
PID:2312 -
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Disables RegEdit via registry modification
PID:2204 -
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
PID:960
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵PID:332
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵PID:320
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵PID:1136
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵PID:2124
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵PID:2088
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵PID:1852
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵PID:1540
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵PID:1776
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵PID:1032
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵PID:2068
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵PID:2160
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵PID:2668
-
C:\Program Files\Common Files\System\msadc\de-DE\update.exe"C:\Program Files\Common Files\System\msadc\de-DE\update.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵PID:316
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵PID:2348
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵PID:1992
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵PID:1528
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
- System policy modification
PID:2792
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵PID:1664
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵PID:1936
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵PID:3068
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵PID:2672
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵PID:2656
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵PID:2808
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵PID:2708
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵PID:2688
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵PID:2612
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵PID:2500
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵PID:2112
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵PID:2692
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵PID:1564
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
- Disables RegEdit via registry modification
PID:1396
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵PID:1848
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵PID:112
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
PID:2504 -
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵PID:1604
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵PID:1016
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵PID:2012
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵PID:2784
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵PID:1928
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵PID:1864
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵PID:592
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵PID:1428
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵PID:864
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵PID:832
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵PID:2248
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵PID:2252
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵PID:1596
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵PID:964
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵PID:272
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵PID:904
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵PID:2724
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵PID:1960
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵PID:3000
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵PID:1416
-
-
-
-
-
C:\Program Files\Google\data.exe"C:\Program Files\Google\data.exe" C:\Program Files\Google\5⤵PID:1996
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵PID:2964
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵PID:756
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\8⤵
- Drops file in Program Files directory
PID:2972 -
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\9⤵PID:1968
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\9⤵PID:2548
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\9⤵PID:3012
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\9⤵PID:2596
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\9⤵PID:2568
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\9⤵PID:1624
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\9⤵PID:1616
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\10⤵PID:2560
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\11⤵PID:2572
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵PID:2024
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵PID:2340
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵PID:2440
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵PID:2736
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵PID:1888
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵PID:1740
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵PID:276
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵PID:1560
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵PID:1252
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵PID:1580
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵PID:1584
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵PID:2880
-
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵PID:2264
-
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\7⤵PID:2480
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\8⤵PID:808
-
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\8⤵PID:668
-
-
-
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\7⤵PID:1656
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\8⤵
- Modifies visibility of file extensions in Explorer
PID:2132 -
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\9⤵PID:3048
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\7⤵PID:1824
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\8⤵PID:1208
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\9⤵PID:1300
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\9⤵PID:340
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\9⤵
- Modifies visibility of file extensions in Explorer
PID:804
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\8⤵PID:888
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\9⤵PID:2116
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\9⤵PID:2824
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\9⤵PID:2052
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\9⤵PID:1924
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\9⤵PID:2612
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\9⤵PID:1992
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\9⤵PID:2060
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\10⤵PID:1188
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\9⤵PID:2192
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\9⤵PID:2636
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\9⤵PID:2712
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\9⤵PID:1164
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\10⤵PID:1444
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\10⤵PID:1620
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\11⤵
- Modifies visibility of file extensions in Explorer
PID:2984
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\11⤵PID:2520
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\11⤵PID:1616
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\11⤵
- System policy modification
PID:756
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\10⤵PID:2508
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\10⤵PID:2112
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\10⤵PID:2692
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\10⤵
- Modifies visibility of file extensions in Explorer
PID:1532
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\10⤵
- Disables RegEdit via registry modification
PID:1256
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\10⤵PID:1740
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\10⤵PID:2732
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\10⤵PID:2768
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\10⤵PID:1228
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\7⤵PID:2936
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\8⤵PID:2304
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\9⤵PID:2928
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\10⤵PID:2960
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\10⤵PID:996
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\9⤵PID:1716
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\9⤵PID:320
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\10⤵PID:1136
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\10⤵
- System policy modification
PID:872
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\10⤵PID:788
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\10⤵PID:2244
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\10⤵PID:1844
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\10⤵PID:1776
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\10⤵PID:2092
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\10⤵PID:2224
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\10⤵PID:2396
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\10⤵PID:3000
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\11⤵PID:2004
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\10⤵PID:552
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\11⤵PID:2528
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\10⤵
- Drops file in Program Files directory
PID:1636 -
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵PID:2872
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\10⤵PID:2728
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\11⤵PID:2640
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\10⤵PID:2288
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\11⤵PID:2216
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\10⤵PID:2448
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵PID:2804
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\10⤵
- Drops file in Program Files directory
PID:2604 -
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵PID:2464
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\10⤵PID:2560
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\11⤵PID:2756
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\10⤵PID:2764
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\11⤵PID:2908
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\10⤵PID:2276
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\11⤵PID:2120
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\10⤵PID:1588
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\11⤵PID:1304
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\10⤵PID:1536
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\11⤵PID:1260
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\10⤵
- Drops file in Program Files directory
PID:856 -
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\11⤵PID:2512
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\9⤵PID:888
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\10⤵PID:2864
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\11⤵PID:2784
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\12⤵PID:960
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\10⤵
- Disables RegEdit via registry modification
PID:656 -
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\11⤵PID:592
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\12⤵PID:448
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\9⤵PID:1700
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\10⤵PID:2132
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\11⤵PID:1308
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\12⤵PID:1288
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\13⤵PID:932
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\13⤵PID:340
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\13⤵PID:2144
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\11⤵PID:2996
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\11⤵PID:988
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\10⤵
- Drops file in Program Files directory
PID:880 -
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\11⤵PID:2348
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\11⤵PID:3008
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\11⤵PID:3016
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\11⤵PID:1668
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\10⤵PID:1892
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\11⤵PID:1188
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\10⤵PID:1944
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\11⤵PID:1500
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\12⤵PID:2712
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\11⤵PID:2568
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\11⤵PID:3056
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\8⤵PID:2748
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\9⤵PID:2464
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\9⤵PID:2916
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\10⤵PID:2756
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\11⤵PID:2924
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\11⤵PID:2908
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\10⤵PID:1728
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\11⤵PID:2736
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\10⤵PID:1544
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\11⤵PID:1588
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\10⤵
- Drops file in Program Files directory
PID:2428 -
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\11⤵PID:1260
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\12⤵PID:1192
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\11⤵PID:856
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\10⤵PID:2776
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\9⤵PID:2772
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\10⤵PID:1980
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\11⤵PID:2784
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\10⤵
- Drops file in Program Files directory
PID:1724 -
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\11⤵PID:2324
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\12⤵PID:668
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\13⤵PID:1656
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\12⤵PID:2252
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\13⤵PID:2244
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\11⤵PID:900
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\10⤵PID:1472
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\11⤵PID:2092
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\10⤵PID:1308
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\9⤵PID:2996
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\10⤵PID:308
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\11⤵PID:2528
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\10⤵PID:1668
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\11⤵PID:1188
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\10⤵PID:2644
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\11⤵
- Modifies visibility of file extensions in Explorer
PID:1608
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\10⤵PID:2104
-
-
-
-
-
-
C:\Program Files\Java\jre7\data.exe"C:\Program Files\Java\jre7\data.exe" C:\Program Files\Java\jre7\6⤵PID:2452
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\7⤵PID:2456
-
C:\Program Files\Java\jre7\bin\dtplugin\backup.exe"C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\8⤵PID:1564
-
-
C:\Program Files\Java\jre7\bin\plugin2\backup.exe"C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\8⤵PID:1576
-
-
C:\Program Files\Java\jre7\bin\server\System Restore.exe"C:\Program Files\Java\jre7\bin\server\System Restore.exe" C:\Program Files\Java\jre7\bin\server\8⤵PID:2684
-
-
-
C:\Program Files\Java\jre7\lib\backup.exe"C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\7⤵
- Drops file in Program Files directory
PID:2768 -
C:\Program Files\Java\jre7\lib\amd64\backup.exe"C:\Program Files\Java\jre7\lib\amd64\backup.exe" C:\Program Files\Java\jre7\lib\amd64\8⤵PID:856
-
-
C:\Program Files\Java\jre7\lib\applet\backup.exe"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\8⤵PID:1988
-
-
C:\Program Files\Java\jre7\lib\cmm\backup.exe"C:\Program Files\Java\jre7\lib\cmm\backup.exe" C:\Program Files\Java\jre7\lib\cmm\8⤵PID:2784
-
-
C:\Program Files\Java\jre7\lib\deploy\backup.exe"C:\Program Files\Java\jre7\lib\deploy\backup.exe" C:\Program Files\Java\jre7\lib\deploy\8⤵PID:592
-
-
C:\Program Files\Java\jre7\lib\ext\backup.exe"C:\Program Files\Java\jre7\lib\ext\backup.exe" C:\Program Files\Java\jre7\lib\ext\8⤵PID:2836
-
-
C:\Program Files\Java\jre7\lib\fonts\backup.exe"C:\Program Files\Java\jre7\lib\fonts\backup.exe" C:\Program Files\Java\jre7\lib\fonts\8⤵PID:2324
-
-
C:\Program Files\Java\jre7\lib\images\backup.exe"C:\Program Files\Java\jre7\lib\images\backup.exe" C:\Program Files\Java\jre7\lib\images\8⤵PID:764
-
C:\Program Files\Java\jre7\lib\images\cursors\backup.exe"C:\Program Files\Java\jre7\lib\images\cursors\backup.exe" C:\Program Files\Java\jre7\lib\images\cursors\9⤵PID:2160
-
-
-
C:\Program Files\Java\jre7\lib\jfr\backup.exe"C:\Program Files\Java\jre7\lib\jfr\backup.exe" C:\Program Files\Java\jre7\lib\jfr\8⤵PID:2564
-
-
C:\Program Files\Java\jre7\lib\management\backup.exe"C:\Program Files\Java\jre7\lib\management\backup.exe" C:\Program Files\Java\jre7\lib\management\8⤵PID:2680
-
-
C:\Program Files\Java\jre7\lib\security\backup.exe"C:\Program Files\Java\jre7\lib\security\backup.exe" C:\Program Files\Java\jre7\lib\security\8⤵PID:2872
-
-
C:\Program Files\Java\jre7\lib\zi\backup.exe"C:\Program Files\Java\jre7\lib\zi\backup.exe" C:\Program Files\Java\jre7\lib\zi\8⤵PID:2076
-
C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe"C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe" C:\Program Files\Java\jre7\lib\zi\Africa\9⤵PID:2288
-
-
C:\Program Files\Java\jre7\lib\zi\America\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\9⤵PID:1516
-
C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Argentina\10⤵PID:3040
-
-
C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Indiana\10⤵PID:2748
-
-
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Kentucky\10⤵PID:752
-
-
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\System Restore.exe"C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\System Restore.exe" C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\10⤵
- Disables RegEdit via registry modification
PID:2276
-
-
-
C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jre7\lib\zi\Antarctica\9⤵PID:2908
-
-
C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Asia\9⤵PID:2180
-
-
C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jre7\lib\zi\Atlantic\9⤵PID:1692
-
-
C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Australia\9⤵PID:2896
-
-
C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe"C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe" C:\Program Files\Java\jre7\lib\zi\Etc\9⤵PID:2928
-
-
C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe"C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe" C:\Program Files\Java\jre7\lib\zi\Europe\9⤵PID:448
-
-
C:\Program Files\Java\jre7\lib\zi\Indian\System Restore.exe"C:\Program Files\Java\jre7\lib\zi\Indian\System Restore.exe" C:\Program Files\Java\jre7\lib\zi\Indian\9⤵PID:788
-
-
C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe"C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jre7\lib\zi\Pacific\9⤵PID:736
-
-
C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jre7\lib\zi\SystemV\9⤵PID:1724
-
-
-
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵PID:1844
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
- Drops file in Program Files directory
PID:1832 -
C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe"C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\7⤵PID:2976
-
-
C:\Program Files\Microsoft Games\Chess\en-US\backup.exe"C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\7⤵PID:2528
-
-
C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe"C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\7⤵PID:2556
-
-
C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\7⤵
- Disables RegEdit via registry modification
PID:2716
-
-
C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe"C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\7⤵PID:2804
-
-
C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\7⤵PID:2984
-
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵PID:1616
-
C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe"C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe" C:\Program Files\Microsoft Games\FreeCell\de-DE\7⤵PID:2968
-
-
C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe"C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe" C:\Program Files\Microsoft Games\FreeCell\en-US\7⤵PID:2692
-
-
C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe"C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe" C:\Program Files\Microsoft Games\FreeCell\es-ES\7⤵PID:1532
-
-
C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe"C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe" C:\Program Files\Microsoft Games\FreeCell\fr-FR\7⤵PID:1396
-
-
C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe"C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe" C:\Program Files\Microsoft Games\FreeCell\it-IT\7⤵PID:904
-
-
C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe"C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe" C:\Program Files\Microsoft Games\FreeCell\ja-JP\7⤵PID:1740
-
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\6⤵PID:2944
-
C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe"C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe" C:\Program Files\Microsoft Games\Hearts\de-DE\7⤵PID:2480
-
-
C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe"C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe" C:\Program Files\Microsoft Games\Hearts\en-US\7⤵PID:960
-
-
C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe"C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe" C:\Program Files\Microsoft Games\Hearts\es-ES\7⤵PID:348
-
-
C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Hearts\fr-FR\7⤵PID:340
-
-
C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe"C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe" C:\Program Files\Microsoft Games\Hearts\it-IT\7⤵PID:2572
-
-
C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Hearts\ja-JP\7⤵PID:2200
-
-
-
C:\Program Files\Microsoft Games\Mahjong\System Restore.exe"C:\Program Files\Microsoft Games\Mahjong\System Restore.exe" C:\Program Files\Microsoft Games\Mahjong\6⤵PID:2652
-
C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe"C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe" C:\Program Files\Microsoft Games\Mahjong\de-DE\7⤵PID:2496
-
-
C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe"C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe" C:\Program Files\Microsoft Games\Mahjong\en-US\7⤵PID:2592
-
-
C:\Program Files\Microsoft Games\Mahjong\es-ES\System Restore.exe"C:\Program Files\Microsoft Games\Mahjong\es-ES\System Restore.exe" C:\Program Files\Microsoft Games\Mahjong\es-ES\7⤵PID:2668
-
-
C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Mahjong\fr-FR\7⤵PID:2192
-
-
C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe"C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe" C:\Program Files\Microsoft Games\Mahjong\it-IT\7⤵PID:2288
-
-
C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Mahjong\ja-JP\7⤵PID:2808
-
-
-
C:\Program Files\Microsoft Games\Minesweeper\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\6⤵PID:2972
-
C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\de-DE\7⤵PID:2924
-
-
C:\Program Files\Microsoft Games\Minesweeper\en-US\data.exe"C:\Program Files\Microsoft Games\Minesweeper\en-US\data.exe" C:\Program Files\Microsoft Games\Minesweeper\en-US\7⤵PID:1272
-
-
C:\Program Files\Microsoft Games\Minesweeper\es-ES\System Restore.exe"C:\Program Files\Microsoft Games\Minesweeper\es-ES\System Restore.exe" C:\Program Files\Microsoft Games\Minesweeper\es-ES\7⤵PID:1356
-
-
C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\fr-FR\7⤵PID:1496
-
-
C:\Program Files\Microsoft Games\Minesweeper\it-IT\data.exe"C:\Program Files\Microsoft Games\Minesweeper\it-IT\data.exe" C:\Program Files\Microsoft Games\Minesweeper\it-IT\7⤵
- Disables RegEdit via registry modification
PID:2028
-
-
C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\ja-JP\7⤵PID:860
-
-
-
C:\Program Files\Microsoft Games\More Games\backup.exe"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\6⤵PID:2776
-
C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe"C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe" C:\Program Files\Microsoft Games\More Games\de-DE\7⤵PID:1896
-
-
C:\Program Files\Microsoft Games\More Games\en-US\backup.exe"C:\Program Files\Microsoft Games\More Games\en-US\backup.exe" C:\Program Files\Microsoft Games\More Games\en-US\7⤵PID:332
-
-
C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe"C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe" C:\Program Files\Microsoft Games\More Games\es-ES\7⤵PID:532
-
-
C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe"C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe" C:\Program Files\Microsoft Games\More Games\fr-FR\7⤵PID:236
-
-
C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe"C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe" C:\Program Files\Microsoft Games\More Games\it-IT\7⤵PID:2224
-
-
C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe"C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe" C:\Program Files\Microsoft Games\More Games\ja-JP\7⤵PID:2064
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\6⤵PID:1488
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\7⤵PID:2584
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\8⤵PID:2576
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\8⤵PID:2752
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\8⤵PID:2716
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\8⤵PID:1188
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\8⤵PID:492
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\8⤵PID:1528
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\7⤵PID:2964
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\8⤵PID:1996
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\8⤵PID:1264
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\8⤵PID:1356
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\8⤵PID:1588
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\8⤵PID:2700
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\8⤵PID:1988
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\7⤵
- Drops file in Program Files directory
PID:3052 -
C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\8⤵PID:2260
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\8⤵
- Disables RegEdit via registry modification
PID:2292
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\8⤵PID:340
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\8⤵PID:1724
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\8⤵PID:2200
-
-
C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\8⤵PID:2152
-
-
-
-
C:\Program Files\Microsoft Games\Purble Place\backup.exe"C:\Program Files\Microsoft Games\Purble Place\backup.exe" C:\Program Files\Microsoft Games\Purble Place\6⤵PID:2676
-
C:\Program Files\Microsoft Games\Purble Place\de-DE\backup.exe"C:\Program Files\Microsoft Games\Purble Place\de-DE\backup.exe" C:\Program Files\Microsoft Games\Purble Place\de-DE\7⤵PID:1772
-
-
C:\Program Files\Microsoft Games\Purble Place\en-US\backup.exe"C:\Program Files\Microsoft Games\Purble Place\en-US\backup.exe" C:\Program Files\Microsoft Games\Purble Place\en-US\7⤵PID:2576
-
-
C:\Program Files\Microsoft Games\Purble Place\es-ES\backup.exe"C:\Program Files\Microsoft Games\Purble Place\es-ES\backup.exe" C:\Program Files\Microsoft Games\Purble Place\es-ES\7⤵PID:2636
-
-
C:\Program Files\Microsoft Games\Purble Place\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Purble Place\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Purble Place\fr-FR\7⤵PID:2804
-
-
C:\Program Files\Microsoft Games\Purble Place\it-IT\backup.exe"C:\Program Files\Microsoft Games\Purble Place\it-IT\backup.exe" C:\Program Files\Microsoft Games\Purble Place\it-IT\7⤵PID:2288
-
-
C:\Program Files\Microsoft Games\Purble Place\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Purble Place\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Purble Place\ja-JP\7⤵PID:2388
-
-
-
C:\Program Files\Microsoft Games\Solitaire\backup.exe"C:\Program Files\Microsoft Games\Solitaire\backup.exe" C:\Program Files\Microsoft Games\Solitaire\6⤵PID:2332
-
C:\Program Files\Microsoft Games\Solitaire\de-DE\backup.exe"C:\Program Files\Microsoft Games\Solitaire\de-DE\backup.exe" C:\Program Files\Microsoft Games\Solitaire\de-DE\7⤵PID:1516
-
-
C:\Program Files\Microsoft Games\Solitaire\en-US\backup.exe"C:\Program Files\Microsoft Games\Solitaire\en-US\backup.exe" C:\Program Files\Microsoft Games\Solitaire\en-US\7⤵PID:948
-
-
C:\Program Files\Microsoft Games\Solitaire\es-ES\backup.exe"C:\Program Files\Microsoft Games\Solitaire\es-ES\backup.exe" C:\Program Files\Microsoft Games\Solitaire\es-ES\7⤵PID:1228
-
-
C:\Program Files\Microsoft Games\Solitaire\fr-FR\data.exe"C:\Program Files\Microsoft Games\Solitaire\fr-FR\data.exe" C:\Program Files\Microsoft Games\Solitaire\fr-FR\7⤵PID:1692
-
-
C:\Program Files\Microsoft Games\Solitaire\it-IT\backup.exe"C:\Program Files\Microsoft Games\Solitaire\it-IT\backup.exe" C:\Program Files\Microsoft Games\Solitaire\it-IT\7⤵PID:2604
-
-
C:\Program Files\Microsoft Games\Solitaire\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Solitaire\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Solitaire\ja-JP\7⤵PID:776
-
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\update.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\update.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
PID:2264 -
C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\7⤵PID:1716
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\7⤵PID:348
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\7⤵PID:2144
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\7⤵PID:2148
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\7⤵PID:2612
-
-
C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\backup.exe"C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\backup.exe" C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\7⤵PID:3008
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵PID:2064
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵PID:2824
-
C:\Program Files\Microsoft Office\Office14\1033\backup.exe"C:\Program Files\Microsoft Office\Office14\1033\backup.exe" C:\Program Files\Microsoft Office\Office14\1033\7⤵PID:2528
-
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵PID:2696
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵PID:3048
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵PID:2996
-
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵PID:2584
-
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
- Drops file in Program Files directory
PID:2500 -
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵PID:1012
-
-
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵PID:2732
-
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵PID:2172
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\7⤵PID:2520
-
-
-
C:\Program Files\Mozilla Firefox\uninstall\update.exe"C:\Program Files\Mozilla Firefox\uninstall\update.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵PID:2236
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵PID:2412
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵PID:1896
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\7⤵PID:2360
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵PID:1472
-
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵PID:2540
-
-
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵PID:2068
-
C:\Program Files\Reference Assemblies\Microsoft\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵PID:1288
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵PID:2976
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵PID:3008
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\9⤵PID:1964
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\9⤵PID:3000
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\9⤵PID:2668
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\9⤵PID:2552
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\9⤵PID:2644
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵PID:2348
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵PID:2376
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\9⤵PID:2584
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\9⤵PID:2676
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\9⤵PID:1304
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\9⤵PID:2032
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\9⤵PID:1452
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\9⤵PID:2040
-
-
-
-
-
-
C:\Program Files\VideoLAN\data.exe"C:\Program Files\VideoLAN\data.exe" C:\Program Files\VideoLAN\5⤵PID:2604
-
C:\Program Files\VideoLAN\VLC\backup.exe"C:\Program Files\VideoLAN\VLC\backup.exe" C:\Program Files\VideoLAN\VLC\6⤵PID:536
-
C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe"C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe" C:\Program Files\VideoLAN\VLC\hrtfs\7⤵PID:2140
-
-
C:\Program Files\VideoLAN\VLC\locale\update.exe"C:\Program Files\VideoLAN\VLC\locale\update.exe" C:\Program Files\VideoLAN\VLC\locale\7⤵
- Drops file in Program Files directory
PID:668 -
C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\8⤵PID:2292
-
C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\9⤵PID:1776
-
-
-
C:\Program Files\VideoLAN\VLC\locale\af\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\8⤵PID:2100
-
C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\9⤵PID:2948
-
-
-
C:\Program Files\VideoLAN\VLC\locale\am\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\8⤵PID:2900
-
C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\9⤵PID:1992
-
-
-
C:\Program Files\VideoLAN\VLC\locale\am_ET\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am_ET\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am_ET\8⤵PID:2556
-
C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\9⤵PID:2356
-
-
-
C:\Program Files\VideoLAN\VLC\locale\an\backup.exe"C:\Program Files\VideoLAN\VLC\locale\an\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\8⤵PID:2636
-
C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\9⤵PID:1600
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\8⤵PID:2868
-
C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\9⤵PID:1564
-
-
-
C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\8⤵PID:2676
-
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\9⤵PID:2684
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ast\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ast\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ast\8⤵PID:1544
-
C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\9⤵PID:2960
-
-
-
C:\Program Files\VideoLAN\VLC\locale\be\backup.exe"C:\Program Files\VideoLAN\VLC\locale\be\backup.exe" C:\Program Files\VideoLAN\VLC\locale\be\8⤵PID:2408
-
C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\9⤵PID:2944
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\8⤵PID:1428
-
C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\9⤵PID:1824
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\8⤵PID:2076
-
C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\9⤵PID:2360
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\8⤵PID:2128
-
C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\9⤵PID:2660
-
-
-
C:\Program Files\VideoLAN\VLC\locale\br\backup.exe"C:\Program Files\VideoLAN\VLC\locale\br\backup.exe" C:\Program Files\VideoLAN\VLC\locale\br\8⤵PID:1636
-
C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\9⤵PID:3068
-
-
-
C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe"C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\8⤵PID:3000
-
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\9⤵PID:2592
-
-
-
C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\8⤵PID:2216
-
C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\9⤵PID:1344
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ca\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ca\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca\8⤵PID:2024
-
C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\9⤵
- System policy modification
PID:1240
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ca@valencia\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ca@valencia\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca@valencia\8⤵PID:1576
-
C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\9⤵PID:2908
-
-
-
C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\8⤵PID:2932
-
C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\9⤵PID:2940
-
-
-
C:\Program Files\VideoLAN\VLC\locale\co\backup.exe"C:\Program Files\VideoLAN\VLC\locale\co\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\8⤵PID:2972
-
C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\9⤵PID:2928
-
-
-
C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\8⤵PID:900
-
C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\9⤵PID:1584
-
-
-
C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\cy\8⤵PID:1776
-
C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\9⤵PID:2076
-
-
-
C:\Program Files\VideoLAN\VLC\locale\da\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\da\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\da\8⤵PID:1968
-
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\9⤵PID:1016
-
-
-
C:\Program Files\VideoLAN\VLC\locale\de\backup.exe"C:\Program Files\VideoLAN\VLC\locale\de\backup.exe" C:\Program Files\VideoLAN\VLC\locale\de\8⤵PID:880
-
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\9⤵PID:2640
-
-
-
C:\Program Files\VideoLAN\VLC\locale\el\backup.exe"C:\Program Files\VideoLAN\VLC\locale\el\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\8⤵PID:1944
-
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\9⤵PID:1936
-
-
-
C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe"C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\8⤵PID:1608
-
C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\9⤵PID:988
-
-
-
C:\Program Files\VideoLAN\VLC\locale\eo\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eo\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eo\8⤵PID:2416
-
C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\9⤵PID:2764
-
-
-
C:\Program Files\VideoLAN\VLC\locale\es\backup.exe"C:\Program Files\VideoLAN\VLC\locale\es\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es\8⤵
- System policy modification
PID:1496 -
C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\9⤵PID:2732
-
-
-
C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe"C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es_MX\8⤵
- Disables RegEdit via registry modification
PID:2040 -
C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\9⤵PID:2968
-
-
-
C:\Program Files\VideoLAN\VLC\locale\et\backup.exe"C:\Program Files\VideoLAN\VLC\locale\et\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\8⤵
- Disables RegEdit via registry modification
PID:1204 -
C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\9⤵PID:1288
-
-
-
C:\Program Files\VideoLAN\VLC\locale\eu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eu\8⤵PID:1652
-
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\9⤵PID:1032
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fa\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fa\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fa\8⤵
- Drops file in Program Files directory
PID:2224 -
C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\9⤵PID:932
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ff\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ff\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ff\8⤵PID:1872
-
C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\9⤵PID:1628
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fi\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fi\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fi\8⤵PID:3056
-
C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\9⤵PID:1636
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fr\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fr\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fr\8⤵PID:1624
-
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\9⤵PID:2348
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fur\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fur\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fur\8⤵PID:988
-
C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\9⤵PID:2516
-
-
-
C:\Program Files\VideoLAN\VLC\locale\fy\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fy\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fy\8⤵PID:948
-
C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\9⤵PID:1192
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ga\update.exe"C:\Program Files\VideoLAN\VLC\locale\ga\update.exe" C:\Program Files\VideoLAN\VLC\locale\ga\8⤵PID:1576
-
C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\9⤵PID:2340
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gd\data.exe"C:\Program Files\VideoLAN\VLC\locale\gd\data.exe" C:\Program Files\VideoLAN\VLC\locale\gd\8⤵PID:2044
-
C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\9⤵PID:2408
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gl\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gl\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gl\8⤵PID:2744
-
C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\9⤵PID:236
-
-
-
C:\Program Files\VideoLAN\VLC\locale\gu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gu\8⤵PID:1896
-
C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\9⤵PID:3052
-
-
-
C:\Program Files\VideoLAN\VLC\locale\he\backup.exe"C:\Program Files\VideoLAN\VLC\locale\he\backup.exe" C:\Program Files\VideoLAN\VLC\locale\he\8⤵PID:1096
-
C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\9⤵PID:2536
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hi\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hi\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hi\8⤵PID:2872
-
C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\9⤵PID:2620
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hr\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hr\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hr\8⤵PID:2804
-
C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\9⤵PID:2636
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hu\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hu\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hu\8⤵PID:1860
-
C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\9⤵PID:1364
-
-
-
C:\Program Files\VideoLAN\VLC\locale\hy\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hy\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hy\8⤵PID:320
-
C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\9⤵PID:2440
-
-
-
C:\Program Files\VideoLAN\VLC\locale\id\backup.exe"C:\Program Files\VideoLAN\VLC\locale\id\backup.exe" C:\Program Files\VideoLAN\VLC\locale\id\8⤵PID:2512
-
C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\9⤵PID:2864
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ie\update.exe"C:\Program Files\VideoLAN\VLC\locale\ie\update.exe" C:\Program Files\VideoLAN\VLC\locale\ie\8⤵PID:2940
-
C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\9⤵PID:2040
-
-
-
C:\Program Files\VideoLAN\VLC\locale\is\backup.exe"C:\Program Files\VideoLAN\VLC\locale\is\backup.exe" C:\Program Files\VideoLAN\VLC\locale\is\8⤵PID:1540
-
C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\9⤵PID:2768
-
-
-
C:\Program Files\VideoLAN\VLC\locale\it\data.exe"C:\Program Files\VideoLAN\VLC\locale\it\data.exe" C:\Program Files\VideoLAN\VLC\locale\it\8⤵PID:236
-
C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\9⤵
- System policy modification
PID:2328
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ja\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ja\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ja\8⤵PID:932
-
C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\9⤵PID:1416
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ka\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ka\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ka\8⤵PID:1464
-
C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\9⤵PID:564
-
-
-
C:\Program Files\VideoLAN\VLC\locale\kab\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kab\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kab\8⤵PID:2216
-
C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\9⤵PID:2240
-
-
-
C:\Program Files\VideoLAN\VLC\locale\kk\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kk\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kk\8⤵PID:2756
-
C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\9⤵PID:1664
-
-
-
C:\Program Files\VideoLAN\VLC\locale\km\backup.exe"C:\Program Files\VideoLAN\VLC\locale\km\backup.exe" C:\Program Files\VideoLAN\VLC\locale\km\8⤵PID:2764
-
C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\9⤵PID:2980
-
-
-
C:\Program Files\VideoLAN\VLC\locale\kn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kn\8⤵
- Drops file in Program Files directory
PID:1184 -
C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\9⤵PID:2572
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ko\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ko\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ko\8⤵PID:892
-
C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\9⤵PID:2092
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ks_IN\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ks_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ks_IN\8⤵PID:2244
-
C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\9⤵
- Disables RegEdit via registry modification
PID:2060
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ku_IQ\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ku_IQ\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ku_IQ\8⤵PID:2288
-
C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\9⤵PID:1344
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ky\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ky\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ky\8⤵PID:2024
-
C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\9⤵PID:1888
-
-
-
C:\Program Files\VideoLAN\VLC\locale\lg\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lg\8⤵PID:2888
-
C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\9⤵PID:2100
-
-
-
C:\Program Files\VideoLAN\VLC\locale\lo\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lo\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lo\8⤵PID:2136
-
C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\9⤵PID:2428
-
-
-
C:\Program Files\VideoLAN\VLC\locale\lt\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lt\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lt\8⤵PID:2332
-
C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\9⤵PID:2152
-
-
-
C:\Program Files\VideoLAN\VLC\locale\lv\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lv\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lv\8⤵PID:1484
-
C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\9⤵PID:2004
-
-
-
C:\Program Files\VideoLAN\VLC\locale\mai\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mai\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mai\8⤵PID:2212
-
C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\9⤵PID:492
-
-
-
C:\Program Files\VideoLAN\VLC\locale\mk\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mk\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mk\8⤵PID:1660
-
C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\9⤵PID:2028
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ml\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ml\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ml\8⤵PID:2532
-
C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\9⤵PID:656
-
-
-
C:\Program Files\VideoLAN\VLC\locale\mn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mn\8⤵
- Drops file in Program Files directory
PID:1288 -
C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\9⤵PID:2744
-
-
-
C:\Program Files\VideoLAN\VLC\locale\mr\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mr\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mr\8⤵PID:2484
-
C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\9⤵PID:1968
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ms\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ms\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ms\8⤵PID:2568
-
C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\9⤵PID:2656
-
-
-
C:\Program Files\VideoLAN\VLC\locale\my\data.exe"C:\Program Files\VideoLAN\VLC\locale\my\data.exe" C:\Program Files\VideoLAN\VLC\locale\my\8⤵PID:2840
-
C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\9⤵PID:1344
-
-
-
C:\Program Files\VideoLAN\VLC\locale\nb\backup.exe"C:\Program Files\VideoLAN\VLC\locale\nb\backup.exe" C:\Program Files\VideoLAN\VLC\locale\nb\8⤵PID:332
-
C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\9⤵PID:1664
-
-
-
C:\Program Files\VideoLAN\VLC\locale\ne\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ne\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ne\8⤵PID:2348
-
C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\9⤵PID:2580
-
-
-
C:\Program Files\VideoLAN\VLC\locale\nl\backup.exe"C:\Program Files\VideoLAN\VLC\locale\nl\backup.exe" C:\Program Files\VideoLAN\VLC\locale\nl\8⤵PID:2972
-
C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\9⤵PID:2312
-
-
-
C:\Program Files\VideoLAN\VLC\locale\nn\backup.exe"C:\Program Files\VideoLAN\VLC\locale\nn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\nn\8⤵PID:2768
-
-
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
- Drops file in Program Files directory
PID:316 -
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵PID:2348
-
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵PID:3016
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵PID:3060
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵PID:2628
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵PID:2808
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵PID:2304
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵PID:1936
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵PID:2560
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵PID:1236
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵PID:1396
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵PID:1544
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵PID:2028
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵PID:2884
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
- Drops file in Program Files directory
PID:1864 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵PID:1716
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵PID:1428
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵PID:2380
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵PID:932
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵PID:1920
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵PID:1880
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵PID:112
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵PID:1464
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵PID:1992
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵PID:3012
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵PID:2636
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵PID:1608
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵PID:2972
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵PID:2752
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵PID:2764
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵PID:1888
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵PID:2404
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵PID:2360
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵PID:276
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵PID:2264
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵PID:532
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵PID:2108
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵PID:888
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵PID:2244
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵PID:564
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵PID:2092
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵PID:988
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵PID:2980
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵PID:2504
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵PID:2952
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵PID:2720
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵PID:2436
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵PID:2312
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵PID:2604
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵PID:2472
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵PID:2532
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵PID:1256
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵PID:2404
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵PID:2340
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵PID:276
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵PID:1552
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵PID:1096
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵PID:2744
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵PID:592
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Drops file in Program Files directory
PID:1676 -
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵PID:1288
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵PID:892
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵PID:3000
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵PID:1712
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵PID:3064
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\7⤵PID:1892
-
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\7⤵PID:1624
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\7⤵PID:2580
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\8⤵PID:2216
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\8⤵PID:2516
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\8⤵PID:2748
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\8⤵PID:2188
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\8⤵PID:2764
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\8⤵PID:1680
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\8⤵PID:2428
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\8⤵PID:2904
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\8⤵PID:2896
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\8⤵PID:2140
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\8⤵PID:1536
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\7⤵PID:3048
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\8⤵PID:1032
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\8⤵PID:1504
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\8⤵PID:2396
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\8⤵PID:3008
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\8⤵PID:2796
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\8⤵PID:1992
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\8⤵PID:2528
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\8⤵PID:2840
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\8⤵PID:2436
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\7⤵PID:2376
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\7⤵PID:2880
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\8⤵
- System policy modification
PID:2920
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\7⤵PID:1848
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\8⤵PID:2732
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\8⤵PID:2512
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\8⤵PID:2016
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\8⤵PID:808
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\8⤵PID:1260
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\8⤵PID:2124
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\7⤵PID:2204
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\8⤵PID:1652
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\8⤵PID:2324
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\8⤵PID:804
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\9⤵PID:1632
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\9⤵PID:2064
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\9⤵
- Modifies visibility of file extensions in Explorer
PID:2816
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\9⤵PID:1992
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\9⤵PID:2668
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\9⤵PID:2712
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\9⤵PID:2720
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\9⤵PID:1608
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\9⤵PID:2500
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\9⤵PID:1700
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\9⤵PID:2120
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\9⤵PID:2908
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\9⤵PID:2180
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\9⤵PID:2780
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\9⤵PID:996
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\9⤵PID:536
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\9⤵PID:1824
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵PID:2580
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\7⤵PID:2836
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\8⤵PID:1960
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\7⤵PID:1288
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\7⤵PID:2004
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\8⤵PID:1636
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\8⤵PID:308
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\9⤵PID:1628
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\7⤵PID:1444
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\7⤵PID:1668
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
PID:3016 -
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\8⤵PID:2720
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\8⤵PID:1240
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\8⤵PID:2440
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\8⤵PID:2276
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\8⤵PID:1264
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\8⤵PID:904
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\8⤵PID:1252
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\7⤵
- Drops file in Program Files directory
PID:1980 -
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\8⤵PID:2784
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\8⤵PID:2332
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\8⤵PID:1184
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\8⤵PID:1688
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\8⤵PID:2100
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\8⤵PID:764
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\8⤵PID:2156
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\8⤵PID:1636
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\8⤵PID:2536
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\8⤵PID:2640
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\8⤵PID:2620
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\8⤵PID:1500
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\8⤵PID:2592
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\8⤵PID:2792
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\8⤵PID:2304
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\8⤵PID:2672
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\8⤵PID:2508
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\8⤵PID:1000
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\8⤵PID:2276
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\8⤵PID:2732
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\8⤵PID:1120
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\8⤵PID:808
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\8⤵PID:2172
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\8⤵PID:2108
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\8⤵PID:2744
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\8⤵PID:1096
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\8⤵PID:348
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\8⤵PID:1960
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\8⤵PID:2224
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\8⤵PID:112
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\8⤵PID:2680
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\8⤵PID:2632
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\8⤵PID:564
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\8⤵PID:2192
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\8⤵PID:2436
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\8⤵PID:1188
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\8⤵PID:2212
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\8⤵PID:2240
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\8⤵PID:2440
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\8⤵PID:1000
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\8⤵PID:2908
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\8⤵PID:2456
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\8⤵PID:904
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\8⤵
- Modifies visibility of file extensions in Explorer
PID:2376
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\8⤵PID:2964
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\7⤵PID:2084
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\8⤵PID:332
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\8⤵
- System policy modification
PID:1652
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\8⤵PID:2772
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\8⤵PID:340
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\8⤵PID:2148
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\8⤵PID:2052
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\7⤵PID:2728
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\8⤵PID:1696
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\8⤵PID:2116
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\8⤵PID:2528
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\8⤵PID:2804
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\8⤵PID:2304
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\8⤵PID:2808
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\7⤵PID:2748
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\8⤵PID:1436
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\8⤵PID:1516
-
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\9⤵PID:1580
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VC\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VC\7⤵PID:1356
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VGX\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VGX\7⤵PID:1256
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\7⤵PID:1740
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\8⤵PID:656
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\9⤵PID:2420
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\8⤵PID:1988
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\9⤵PID:2744
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\8⤵PID:1096
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\9⤵PID:1032
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\9⤵PID:1960
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\9⤵PID:1420
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\9⤵PID:2548
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTO\7⤵PID:2264
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\8⤵PID:2104
-
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\9⤵PID:2100
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\7⤵PID:2576
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\8⤵PID:1624
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\7⤵PID:2516
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\8⤵PID:2672
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\9⤵PID:2112
-
C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\1033\10⤵PID:1564
-
-
-
-
-
-
C:\Program Files (x86)\Common Files\Services\update.exe"C:\Program Files (x86)\Common Files\Services\update.exe" C:\Program Files (x86)\Common Files\Services\6⤵PID:2188
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵PID:2028
-
C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\7⤵PID:2512
-
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
- Drops file in Program Files directory
PID:2016 -
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵PID:904
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵PID:2932
-
-
C:\Program Files (x86)\Common Files\System\ado\en-US\update.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\update.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵PID:864
-
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵PID:1540
-
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵PID:2928
-
-
C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\ado\it-IT\8⤵PID:348
-
-
C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ado\ja-JP\8⤵PID:1896
-
-
-
C:\Program Files (x86)\Common Files\System\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\de-DE\7⤵PID:2292
-
-
C:\Program Files (x86)\Common Files\System\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵PID:764
-
-
C:\Program Files (x86)\Common Files\System\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\es-ES\7⤵PID:1928
-
-
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\7⤵PID:2244
-
-
C:\Program Files (x86)\Common Files\System\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\it-IT\7⤵PID:1964
-
-
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\7⤵PID:1892
-
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵PID:1992
-
C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\8⤵PID:2792
-
-
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\8⤵PID:2576
-
-
C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\8⤵PID:1944
-
-
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\8⤵PID:2168
-
-
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\8⤵PID:1608
-
-
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\8⤵PID:1564
-
-
-
C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\7⤵PID:2248
-
C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\1033\8⤵PID:2012
-
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵PID:2520
-
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\8⤵PID:1120
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\8⤵PID:2068
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\8⤵PID:1136
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\8⤵PID:1672
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\8⤵PID:1472
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\8⤵PID:2172
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵PID:2300
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵PID:1652
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵PID:1924
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Modifies visibility of file extensions in Explorer
PID:2396 -
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\7⤵PID:932
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵PID:2816
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵PID:1464
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\9⤵PID:2900
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵PID:2712
-
C:\Program Files (x86)\Google\Update\Install\{9DE7027D-B8EC-4BBC-9990-0AF535C09D17}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{9DE7027D-B8EC-4BBC-9990-0AF535C09D17}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{9DE7027D-B8EC-4BBC-9990-0AF535C09D17}\8⤵PID:3000
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵PID:2824
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
- Drops file in Program Files directory
PID:1524 -
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵PID:2692
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵PID:2672
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
- System policy modification
PID:2416
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵PID:612
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵PID:2908
-
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵PID:856
-
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵PID:2784
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵PID:2108
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵PID:2932
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\7⤵
- Drops file in Program Files directory
PID:1824 -
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\8⤵PID:2092
-
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\update.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\update.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\8⤵PID:764
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\9⤵PID:876
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵PID:2556
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
- Modifies visibility of file extensions in Explorer
PID:1636 -
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\7⤵PID:1832
-
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\7⤵PID:1992
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\8⤵PID:2532
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\6⤵PID:2696
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\7⤵PID:1524
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\7⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\7⤵PID:2016
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\6⤵PID:2360
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\7⤵PID:2548
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\8⤵PID:2752
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\7⤵PID:2668
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\8⤵PID:2356
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\8⤵PID:2472
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\8⤵PID:2348
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\update.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\update.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\8⤵PID:2112
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\6⤵PID:2416
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\7⤵
- Drops file in Program Files directory
PID:2732 -
C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\8⤵PID:1400
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\8⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\8⤵PID:348
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\9⤵PID:968
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\10⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\10⤵PID:2552
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\10⤵PID:3012
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\10⤵PID:2996
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\10⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\10⤵PID:332
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\10⤵PID:1860
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\update.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\update.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\10⤵PID:2668
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\10⤵PID:1692
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\data.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\data.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\10⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\data.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\data.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\10⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\10⤵PID:2404
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\10⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\10⤵PID:2612
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\10⤵PID:2332
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\8⤵PID:2248
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\8⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\8⤵PID:1964
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1036\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1036\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1036\7⤵PID:2388
-
-
C:\Program Files (x86)\Microsoft Office\Office14\3082\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\3082\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\3082\7⤵PID:2600
-
-
C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\System Restore.exe"C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\System Restore.exe" C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\7⤵PID:1652
-
-
C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\7⤵PID:2456
-
-
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\7⤵PID:1992
-
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\7⤵PID:1236
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\8⤵
- System policy modification
PID:1984
-
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\8⤵PID:2140
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\7⤵PID:2960
-
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵PID:532
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵PID:2452
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵PID:2896
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵PID:1724
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵PID:112
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵PID:2496
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵PID:1628
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
- Disables RegEdit via registry modification
PID:2616
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵PID:2592
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵PID:1944
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵PID:1436
-
-
C:\Users\Admin\Searches\update.exeC:\Users\Admin\Searches\update.exe C:\Users\Admin\Searches\6⤵PID:1676
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵PID:1580
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵PID:2276
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵PID:1496
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵PID:1980
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵PID:804
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵PID:1848
-
-
-
C:\Users\Public\Pictures\System Restore.exe"C:\Users\Public\Pictures\System Restore.exe" C:\Users\Public\Pictures\6⤵PID:2768
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵PID:2776
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵PID:736
-
C:\Users\Public\Recorded TV\Sample Media\data.exe"C:\Users\Public\Recorded TV\Sample Media\data.exe" C:\Users\Public\Recorded TV\Sample Media\7⤵PID:2724
-
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵PID:764
-
C:\Users\Public\Videos\Sample Videos\backup.exe"C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\7⤵PID:1668
-
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:2804 -
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵PID:988
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵PID:2672
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
- Modifies visibility of file extensions in Explorer
PID:1396 -
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵PID:2036
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵PID:2404
-
C:\Windows\AppPatch\Custom\Custom64\backup.exeC:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\7⤵PID:1956
-
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵PID:2944
-
-
C:\Windows\AppPatch\en-US\backup.exeC:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\6⤵PID:2780
-
-
C:\Windows\AppPatch\es-ES\backup.exeC:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\6⤵PID:2016
-
-
C:\Windows\AppPatch\fr-FR\backup.exeC:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\6⤵PID:2052
-
-
C:\Windows\AppPatch\it-IT\backup.exeC:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\6⤵PID:1016
-
-
C:\Windows\AppPatch\ja-JP\System Restore.exe"C:\Windows\AppPatch\ja-JP\System Restore.exe" C:\Windows\AppPatch\ja-JP\6⤵PID:1444
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵PID:1500
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
PID:1416 -
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵PID:1944
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:2164
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵PID:2360
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:1452
-
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\7⤵PID:1252
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\8⤵PID:2144
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\8⤵PID:788
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵PID:2928
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:1204
-
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵PID:2948
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:2044
-
-
-
C:\Windows\assembly\GAC\mscomctl\backup.exeC:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\7⤵PID:2192
-
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\8⤵PID:2936
-
-
-
C:\Windows\assembly\GAC\MSDATASRC\backup.exeC:\Windows\assembly\GAC\MSDATASRC\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7⤵PID:2460
-
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:2856
-
-
-
C:\Windows\assembly\GAC\stdole\backup.exeC:\Windows\assembly\GAC\stdole\backup.exe C:\Windows\assembly\GAC\stdole\7⤵PID:1676
-
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\8⤵PID:2452
-
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Drops file in Windows directory
PID:3016 -
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exeC:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\7⤵
- Disables RegEdit via registry modification
PID:2968 -
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\8⤵PID:1260
-
-
-
C:\Windows\assembly\GAC_32\BDATunePIA\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\7⤵PID:3060
-
C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\8⤵PID:804
-
-
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵PID:2696
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵PID:1924
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD5290188b4b288c00a81e4c61c87364a7d
SHA146b74f657dc2b422c2f0323f16dc69a6201860a6
SHA256d6a6c24f98e483187fc88b79bfab63544288b419a1cd9bbeebda7ca6ed36c16e
SHA5129257d22ee314c1419acffb69c1fc127b3fca5c859a378f4b0e8bfeb20dc1de92250bc97dd5ed6a1da98d18bcc6bcbcf46c24982ffe4fc52cee290053c60cb51c
-
Filesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
Filesize
72KB
MD557aa1a11fd0733e5a9cab82aa027555c
SHA175fef2e7eb91d10c27815b730e93af0d831dea6b
SHA2569394a65b46514b3d3716faa38d1489768223183122e36594ea56cdddc7cf93cf
SHA512e08d4ecddf2bb45d5b3af9a00363f1738e460986c7aaa0cb0e96a9f74df4c35fc8513a1f213b7e33bd8a4543d32e7079d3df32dc7c9dab9a075c7d18bf09c780
-
Filesize
72KB
MD5964e069c5c6efb834dc8daf9cc560ee8
SHA1ed1163058c0c4caef4728d70c574cdf803f41822
SHA256c7480fe2fc2e3c13b299bf8c8da0313c4182617529dca4ecdf15625b79a56aa2
SHA5122c2521072724ed7e01b6c370d8b4963e9436e28f2f151386cbc67d9481e70f0a73c2ee9cc5136bafd37b752c2f95b87b3cba681cdd81134263286f21a48443fa
-
Filesize
72KB
MD574b8380c2ddb2d214e2d8575497b68dc
SHA1cd77ab734f780af7ee45c5343543e64922527da9
SHA25665b74ee4b6c14cc10d017e60d250a5dbade94bcf6ea24f57fd2175e54c3cdef3
SHA512be4f1ff27aac9638b19c09c5b973848036668e180680cef9cab1f57866d1f698f5e4a4054c6f6d9ab0472633cdabbda7785370129022fbea1f5a3705f0d3f843
-
Filesize
72KB
MD5993a8e1a237741e09a699340c11cd585
SHA1551b41ab02b4ce2ec35ec2757e2e1da024cfbe0b
SHA25687a8db1458a30738ae09f54d72f227b716eca8c724bba7cdb45e14e70a308c8f
SHA51224367d106ea6cf993ebc3522f72fd019846cc3fca3c303eb5f8172b1efb8b6f8571bca17c0f657bf2234c88ba9a6883b7345df81b99ef1e7ac5def16256a302a
-
Filesize
72KB
MD5010f478b6045d1c5762edcc73d553320
SHA1dbc0d05fab6cea9827b605b2bd24621cc9fe0dc9
SHA2566e4197aa57c8eabe160426730e0c030939d89322dbfc56dcd87c56d24efb312a
SHA512cf84759358d5afed3f4c0fe0eb79b1e2b8675b10046e4de78dee27d5d8992b7d3dee8fe52f3cba70a2cdd03ffa1f525f8bc5cd00feb8085b34e054e2278e6f02
-
Filesize
72KB
MD527f96733b1a7635266114cc429925633
SHA1a3550ac4f1acd67425d4b45b61293592dbff4f9e
SHA2568ccfc0c714b56ef1e4d28ef7489fbbf37146ec1ba4f1d9596762261cce5a63e3
SHA512ca031e2cc695eb194f30cf738a9fbc8120550a32de89c15fd8edb4e81fc49fa1443214aa6b0e6bc858b19b90d9a960f9d636f1e0b4870d973d2b0f11b51bb761
-
Filesize
72KB
MD54901b77cf427b38a4943dbcde2fcc5a9
SHA1d0c7a17b5dadfc8bd0580253f0d73e225737c4d0
SHA2564c59c56e6bc05513328c31ec6e5b0be598d95c63003fff978df386ea11cb8049
SHA51253182d16deecf78240e519f48c19dd554f3a5e14bcd3ef656fc85b778527bf23e70643fa2d1484252f1f743c49c8a556b2890e9d389e622090cd1aafd15151dd