Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
22/08/2024, 23:26
General
-
Target
d4bc593a86375a5df830c4176a84e300N.exe
-
Size
122KB
-
MD5
d4bc593a86375a5df830c4176a84e300
-
SHA1
106b6bb3d04137eb7f47e9c4477672afb9890628
-
SHA256
2d3e9c66a65465c7a057dba437cf32601fde2ce703d1acbdf5b0143ab253b30b
-
SHA512
f82c1fd2a734a052441d9e14af8bf90016d3f8d9ed915fa786cbaa01f5e952771d7267304e73d990c0e678118275a22a67baad759d8a908f422ea15e33ad7497
-
SSDEEP
1536:lvm1Fu8AjYaFwjRUdW7fmyY7aZYJVmy0KQbj6vbjuKoauGi4B:6u8ANCUdgfmD7zey0KUj6TjR9i4B
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4bc593a86375a5df830c4176a84e300N.exe"C:\Users\Admin\AppData\Local\Temp\d4bc593a86375a5df830c4176a84e300N.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1001944135\backup.exeC:\Users\Admin\AppData\Local\Temp\1001944135\backup.exe C:\Users\Admin\AppData\Local\Temp\1001944135\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\System Restore.exe"\System Restore.exe" \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\backup.exeC:\PerfLogs\Admin\backup.exe C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\update.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\update.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\update.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\update.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\backup.exe"C:\Program Files\Common Files\Services\backup.exe" C:\Program Files\Common Files\Services\6⤵
-
-
C:\Program Files\Common Files\SpeechEngines\update.exe"C:\Program Files\Common Files\SpeechEngines\update.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
- System policy modification
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
-
C:\Program Files\DVD Maker\de-DE\System Restore.exe"C:\Program Files\DVD Maker\de-DE\System Restore.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\backup.exe"C:\Program Files\DVD Maker\en-US\backup.exe" C:\Program Files\DVD Maker\en-US\6⤵
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\backup.exe"C:\Program Files\DVD Maker\it-IT\backup.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\System Restore.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\data.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\data.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
-
C:\Program Files\Google\Chrome\update.exe"C:\Program Files\Google\Chrome\update.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\data.exe"C:\Program Files\Google\Chrome\Application\data.exe" C:\Program Files\Google\Chrome\Application\7⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\8⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\9⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\System Restore.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\System Restore.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\10⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\data.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
-
-
C:\Program Files\Internet Explorer\it-IT\update.exe"C:\Program Files\Internet Explorer\it-IT\update.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\7⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\8⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\8⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\update.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\update.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\9⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\9⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\9⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\10⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\10⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\update.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\update.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\10⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\10⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\10⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\10⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\11⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\11⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\12⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\12⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\13⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\13⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\13⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\11⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\12⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\11⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\11⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\11⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\12⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\13⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\13⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\10⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\10⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
C:\Program Files\Java\jre7\data.exe"C:\Program Files\Java\jre7\data.exe" C:\Program Files\Java\jre7\6⤵
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\7⤵
-
C:\Program Files\Java\jre7\bin\dtplugin\backup.exe"C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\8⤵
- System policy modification
-
-
C:\Program Files\Java\jre7\bin\plugin2\backup.exe"C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\8⤵
-
-
C:\Program Files\Java\jre7\bin\server\backup.exe"C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre7\lib\backup.exe"C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre7\lib\amd64\backup.exe"C:\Program Files\Java\jre7\lib\amd64\backup.exe" C:\Program Files\Java\jre7\lib\amd64\8⤵
-
-
C:\Program Files\Java\jre7\lib\applet\backup.exe"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre7\lib\cmm\backup.exe"C:\Program Files\Java\jre7\lib\cmm\backup.exe" C:\Program Files\Java\jre7\lib\cmm\8⤵
-
-
C:\Program Files\Java\jre7\lib\deploy\backup.exe"C:\Program Files\Java\jre7\lib\deploy\backup.exe" C:\Program Files\Java\jre7\lib\deploy\8⤵
-
-
C:\Program Files\Java\jre7\lib\ext\backup.exe"C:\Program Files\Java\jre7\lib\ext\backup.exe" C:\Program Files\Java\jre7\lib\ext\8⤵
-
-
C:\Program Files\Java\jre7\lib\fonts\backup.exe"C:\Program Files\Java\jre7\lib\fonts\backup.exe" C:\Program Files\Java\jre7\lib\fonts\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Java\jre7\lib\images\backup.exe"C:\Program Files\Java\jre7\lib\images\backup.exe" C:\Program Files\Java\jre7\lib\images\8⤵
-
C:\Program Files\Java\jre7\lib\images\cursors\backup.exe"C:\Program Files\Java\jre7\lib\images\cursors\backup.exe" C:\Program Files\Java\jre7\lib\images\cursors\9⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Java\jre7\lib\jfr\backup.exe"C:\Program Files\Java\jre7\lib\jfr\backup.exe" C:\Program Files\Java\jre7\lib\jfr\8⤵
-
-
C:\Program Files\Java\jre7\lib\management\update.exe"C:\Program Files\Java\jre7\lib\management\update.exe" C:\Program Files\Java\jre7\lib\management\8⤵
-
-
C:\Program Files\Java\jre7\lib\security\System Restore.exe"C:\Program Files\Java\jre7\lib\security\System Restore.exe" C:\Program Files\Java\jre7\lib\security\8⤵
-
-
C:\Program Files\Java\jre7\lib\zi\backup.exe"C:\Program Files\Java\jre7\lib\zi\backup.exe" C:\Program Files\Java\jre7\lib\zi\8⤵
-
C:\Program Files\Java\jre7\lib\zi\Africa\update.exe"C:\Program Files\Java\jre7\lib\zi\Africa\update.exe" C:\Program Files\Java\jre7\lib\zi\Africa\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\9⤵
-
C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Argentina\10⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Indiana\10⤵
- System policy modification
-
-
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Kentucky\10⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\data.exe"C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\data.exe" C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\10⤵
-
-
-
C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jre7\lib\zi\Antarctica\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Asia\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jre7\lib\zi\Atlantic\9⤵
- System policy modification
-
-
C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Australia\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe"C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe" C:\Program Files\Java\jre7\lib\zi\Etc\9⤵
-
-
-
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe"C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\en-US\backup.exe"C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe"C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe"C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\7⤵
- System policy modification
-
-
C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe"C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe" C:\Program Files\Microsoft Games\FreeCell\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe"C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe" C:\Program Files\Microsoft Games\FreeCell\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe"C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe" C:\Program Files\Microsoft Games\FreeCell\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\fr-FR\System Restore.exe"C:\Program Files\Microsoft Games\FreeCell\fr-FR\System Restore.exe" C:\Program Files\Microsoft Games\FreeCell\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe"C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe" C:\Program Files\Microsoft Games\FreeCell\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe"C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe" C:\Program Files\Microsoft Games\FreeCell\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe"C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe" C:\Program Files\Microsoft Games\Hearts\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe"C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe" C:\Program Files\Microsoft Games\Hearts\en-US\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe"C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe" C:\Program Files\Microsoft Games\Hearts\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Hearts\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe"C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe" C:\Program Files\Microsoft Games\Hearts\it-IT\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Hearts\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Mahjong\backup.exe"C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe"C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe" C:\Program Files\Microsoft Games\Mahjong\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe"C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe" C:\Program Files\Microsoft Games\Mahjong\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\es-ES\System Restore.exe"C:\Program Files\Microsoft Games\Mahjong\es-ES\System Restore.exe" C:\Program Files\Microsoft Games\Mahjong\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Mahjong\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe"C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe" C:\Program Files\Microsoft Games\Mahjong\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\ja-JP\update.exe"C:\Program Files\Microsoft Games\Mahjong\ja-JP\update.exe" C:\Program Files\Microsoft Games\Mahjong\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Minesweeper\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\ja-JP\7⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Microsoft Games\More Games\backup.exe"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\6⤵
-
C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe"C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe" C:\Program Files\Microsoft Games\More Games\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\en-US\backup.exe"C:\Program Files\Microsoft Games\More Games\en-US\backup.exe" C:\Program Files\Microsoft Games\More Games\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe"C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe" C:\Program Files\Microsoft Games\More Games\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe"C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe" C:\Program Files\Microsoft Games\More Games\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe"C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe" C:\Program Files\Microsoft Games\More Games\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe"C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe" C:\Program Files\Microsoft Games\More Games\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\6⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\7⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\8⤵
-
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Office\Office14\System Restore.exe"C:\Program Files\Microsoft Office\Office14\System Restore.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
C:\Program Files\Microsoft Office\Office14\1033\backup.exe"C:\Program Files\Microsoft Office\Office14\1033\backup.exe" C:\Program Files\Microsoft Office\Office14\1033\7⤵
-
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
-
C:\Program Files\Mozilla Firefox\browser\features\backup.exe"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\data.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\data.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Mozilla Firefox\fonts\update.exe"C:\Program Files\Mozilla Firefox\fonts\update.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
-
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\uninstall\backup.exe"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵
-
-
-
C:\Program Files\MSBuild\backup.exe"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\5⤵
- Drops file in Program Files directory
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\7⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵
-
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵
-
-
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
- System policy modification
-
C:\Program Files\Reference Assemblies\Microsoft\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\data.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\data.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\9⤵
- System policy modification
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\9⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System Restore.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System Restore.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System Restore.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System Restore.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\9⤵
-
-
-
-
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files\VideoLAN\VLC\backup.exe"C:\Program Files\VideoLAN\VLC\backup.exe" C:\Program Files\VideoLAN\VLC\6⤵
-
C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe"C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe" C:\Program Files\VideoLAN\VLC\hrtfs\7⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\backup.exe"C:\Program Files\VideoLAN\VLC\locale\backup.exe" C:\Program Files\VideoLAN\VLC\locale\7⤵
-
C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\8⤵
-
C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\9⤵
-
-
-
-
-
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\5⤵
-
C:\Program Files\Windows Defender\de-DE\backup.exe"C:\Program Files\Windows Defender\de-DE\backup.exe" C:\Program Files\Windows Defender\de-DE\6⤵
-
-
C:\Program Files\Windows Defender\en-US\backup.exe"C:\Program Files\Windows Defender\en-US\backup.exe" C:\Program Files\Windows Defender\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\data.exe"C:\Program Files (x86)\Adobe\Reader 9.0\data.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
- Drops file in Program Files directory
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\update.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\data.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\data.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\9⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\9⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\9⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\System\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\de-DE\7⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\System\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵
-
-
C:\Program Files (x86)\Common Files\System\es-ES\System Restore.exe"C:\Program Files (x86)\Common Files\System\es-ES\System Restore.exe" C:\Program Files (x86)\Common Files\System\es-ES\7⤵
-
-
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files (x86)\Common Files\System\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\it-IT\7⤵
-
-
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵
-
C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\data.exe"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\data.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\update.exe"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\update.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\7⤵
-
C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\8⤵
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
-
C:\Program Files (x86)\Google\CrashReports\update.exe"C:\Program Files (x86)\Google\CrashReports\update.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\System Restore.exe"C:\Program Files (x86)\Google\Update\Download\System Restore.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
- System policy modification
-
C:\Program Files (x86)\Google\Update\Install\{8EA3FE23-8E0B-4836-8777-C2D6ED0590DC}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{8EA3FE23-8E0B-4836-8777-C2D6ED0590DC}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{8EA3FE23-8E0B-4836-8777-C2D6ED0590DC}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\data.exe"C:\Program Files (x86)\Internet Explorer\es-ES\data.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\data.exe"C:\Program Files (x86)\Microsoft Analysis Services\data.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\7⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\8⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\8⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\9⤵
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\7⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\6⤵
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\7⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\7⤵
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\System Restore.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\System Restore.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\8⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\update.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\update.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\data.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\data.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\System Restore.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\System Restore.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\8⤵
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\9⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\10⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\10⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\update.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\update.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\10⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\10⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\10⤵
- System policy modification
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\10⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\10⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\8⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1036\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1036\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1036\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\3082\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\3082\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\3082\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\update.exe"C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\update.exe" C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Sort\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\8⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\7⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\Stationery\backup.exe"C:\Program Files (x86)\Microsoft Office\Stationery\backup.exe" C:\Program Files (x86)\Microsoft Office\Stationery\6⤵
-
C:\Program Files (x86)\Microsoft Office\Stationery\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\Stationery\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\Stationery\1033\7⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\Templates\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\6⤵
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\7⤵
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\DataType\9⤵
-
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\9⤵
-
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\9⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\8⤵
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\9⤵
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\10⤵
-
-
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\10⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\backup.exe"C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\backup.exe" C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\7⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\6⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\7⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\7⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\9⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\7⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\9⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\10⤵
-
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\data.exe"C:\Program Files (x86)\Microsoft Synchronization Services\data.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\6⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\7⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\6⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\8⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\8⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\8⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\9⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\10⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\11⤵
-
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\10⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\7⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\8⤵
- System policy modification
-
-
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\System Restore.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\System Restore.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\6⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\8⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft.NET\backup.exe"C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\5⤵
-
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe"C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe" C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\6⤵
-
-
C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe"C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe" C:\Program Files (x86)\Microsoft.NET\RedistList\6⤵
-
-
-
C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe"C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\5⤵
-
C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe"C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\logs\6⤵
-
-
-
C:\Program Files (x86)\MSBuild\backup.exe"C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\5⤵
- Drops file in Program Files directory
-
-
-
C:\Users\update.exeC:\Users\update.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
-
-
C:\Users\Admin\Documents\backup.exeC:\Users\Admin\Documents\backup.exe C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\System Restore.exe"C:\Users\Admin\Links\System Restore.exe" C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\System Restore.exe"C:\Users\Admin\Pictures\System Restore.exe" C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- System policy modification
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\backup.exeC:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\System Restore.exe"C:\Users\Public\Downloads\System Restore.exe" C:\Users\Public\Downloads\6⤵
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
-
C:\Users\Public\Recorded TV\Sample Media\backup.exe"C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
-
C:\Users\Public\Videos\Sample Videos\backup.exe"C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\7⤵
-
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\System Restore.exe"C:\Windows\AppPatch\System Restore.exe" C:\Windows\AppPatch\5⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\Custom\Custom64\backup.exeC:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵
-
-
C:\Windows\AppPatch\en-US\backup.exeC:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\6⤵
-
-
C:\Windows\AppPatch\es-ES\backup.exeC:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\AppPatch\fr-FR\backup.exeC:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\6⤵
-
-
C:\Windows\AppPatch\it-IT\backup.exeC:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\6⤵
-
-
C:\Windows\AppPatch\ja-JP\backup.exeC:\Windows\AppPatch\ja-JP\backup.exe C:\Windows\AppPatch\ja-JP\6⤵
-
-
-
C:\Windows\assembly\backup.exeC:\Windows\assembly\backup.exe C:\Windows\assembly\5⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\update.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\update.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\mscomctl\backup.exeC:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\7⤵
-
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC\MSDATASRC\backup.exeC:\Windows\assembly\GAC\MSDATASRC\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\stdole\backup.exeC:\Windows\assembly\GAC\stdole\backup.exe C:\Windows\assembly\GAC\stdole\7⤵
-
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe"C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\System Restore.exe" C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exeC:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\7⤵
-
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\System Restore.exe"C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\System Restore.exe" C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\GAC_32\BDATunePIA\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\7⤵
-
C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_32\ehexthost32\backup.exeC:\Windows\assembly\GAC_32\ehexthost32\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\7⤵
-
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\data.exeC:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\data.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_32\mcstoredb\backup.exeC:\Windows\assembly\GAC_32\mcstoredb\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\7⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\8⤵
-
-
-
-
C:\Windows\assembly\GAC_64\backup.exeC:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\backup.exeC:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\7⤵
-
C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\BDATunePIA\backup.exeC:\Windows\assembly\GAC_64\BDATunePIA\backup.exe C:\Windows\assembly\GAC_64\BDATunePIA\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\7⤵
-
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_64\mcstoredb\backup.exeC:\Windows\assembly\GAC_64\mcstoredb\backup.exe C:\Windows\assembly\GAC_64\mcstoredb\7⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\mcupdate\backup.exeC:\Windows\assembly\GAC_64\mcupdate\backup.exe C:\Windows\assembly\GAC_64\mcupdate\7⤵
-
C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Mcx2Dvcs\backup.exeC:\Windows\assembly\GAC_64\Mcx2Dvcs\backup.exe C:\Windows\assembly\GAC_64\Mcx2Dvcs\7⤵
-
C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\data.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\data.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\8⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\assembly\GAC_MSIL\data.exeC:\Windows\assembly\GAC_MSIL\data.exe C:\Windows\assembly\GAC_MSIL\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_MSIL\Accessibility\backup.exeC:\Windows\assembly\GAC_MSIL\Accessibility\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\7⤵
-
C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\data.exeC:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\data.exe C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\ComSvcConfig\backup.exeC:\Windows\assembly\GAC_MSIL\ComSvcConfig\backup.exe C:\Windows\assembly\GAC_MSIL\ComSvcConfig\7⤵
-
C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\cscompmgd\backup.exeC:\Windows\assembly\GAC_MSIL\cscompmgd\backup.exe C:\Windows\assembly\GAC_MSIL\cscompmgd\7⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\dfsvc\backup.exeC:\Windows\assembly\GAC_MSIL\dfsvc\backup.exe C:\Windows\assembly\GAC_MSIL\dfsvc\7⤵
- System policy modification
-
C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\update.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\update.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\8⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\8⤵
-
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\7⤵
- System policy modification
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\System Restore.exe"C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\System Restore.exe" C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\System Restore.exe"C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\System Restore.exe" C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\7⤵
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\6⤵
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\8⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_64\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\7⤵
-
-
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\de-DE\backup.exeC:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\7⤵
-
-
C:\Windows\Branding\Basebrd\en-US\backup.exeC:\Windows\Branding\Basebrd\en-US\backup.exe C:\Windows\Branding\Basebrd\en-US\7⤵
-
-
C:\Windows\Branding\Basebrd\es-ES\backup.exeC:\Windows\Branding\Basebrd\es-ES\backup.exe C:\Windows\Branding\Basebrd\es-ES\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Branding\Basebrd\fr-FR\backup.exeC:\Windows\Branding\Basebrd\fr-FR\backup.exe C:\Windows\Branding\Basebrd\fr-FR\7⤵
-
-
C:\Windows\Branding\Basebrd\it-IT\backup.exeC:\Windows\Branding\Basebrd\it-IT\backup.exe C:\Windows\Branding\Basebrd\it-IT\7⤵
-
-
C:\Windows\Branding\Basebrd\ja-JP\backup.exeC:\Windows\Branding\Basebrd\ja-JP\backup.exe C:\Windows\Branding\Basebrd\ja-JP\7⤵
-
-
-
C:\Windows\Branding\ShellBrd\backup.exeC:\Windows\Branding\ShellBrd\backup.exe C:\Windows\Branding\ShellBrd\6⤵
-
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
C:\Windows\debug\backup.exeC:\Windows\debug\backup.exe C:\Windows\debug\5⤵
- Drops file in Windows directory
-
C:\Windows\debug\WIA\data.exeC:\Windows\debug\WIA\data.exe C:\Windows\debug\WIA\6⤵
-
-
-
C:\Windows\de-DE\backup.exeC:\Windows\de-DE\backup.exe C:\Windows\de-DE\5⤵
-
-
C:\Windows\DigitalLocker\backup.exeC:\Windows\DigitalLocker\backup.exe C:\Windows\DigitalLocker\5⤵
- Drops file in Windows directory
-
C:\Windows\DigitalLocker\de-DE\backup.exeC:\Windows\DigitalLocker\de-DE\backup.exe C:\Windows\DigitalLocker\de-DE\6⤵
-
-
C:\Windows\DigitalLocker\en-US\System Restore.exe"C:\Windows\DigitalLocker\en-US\System Restore.exe" C:\Windows\DigitalLocker\en-US\6⤵
-
-
C:\Windows\DigitalLocker\es-ES\backup.exeC:\Windows\DigitalLocker\es-ES\backup.exe C:\Windows\DigitalLocker\es-ES\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\DigitalLocker\fr-FR\backup.exeC:\Windows\DigitalLocker\fr-FR\backup.exe C:\Windows\DigitalLocker\fr-FR\6⤵
-
-
C:\Windows\DigitalLocker\it-IT\backup.exeC:\Windows\DigitalLocker\it-IT\backup.exe C:\Windows\DigitalLocker\it-IT\6⤵
- System policy modification
-
-
C:\Windows\DigitalLocker\ja-JP\backup.exeC:\Windows\DigitalLocker\ja-JP\backup.exe C:\Windows\DigitalLocker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\Downloaded Program Files\backup.exe"C:\Windows\Downloaded Program Files\backup.exe" C:\Windows\Downloaded Program Files\5⤵
-
-
C:\Windows\ehome\backup.exeC:\Windows\ehome\backup.exe C:\Windows\ehome\5⤵
- Drops file in Windows directory
-
C:\Windows\ehome\CreateDisc\backup.exeC:\Windows\ehome\CreateDisc\backup.exe C:\Windows\ehome\CreateDisc\6⤵
-
C:\Windows\ehome\CreateDisc\Components\backup.exeC:\Windows\ehome\CreateDisc\Components\backup.exe C:\Windows\ehome\CreateDisc\Components\7⤵
- Drops file in Windows directory
-
C:\Windows\ehome\CreateDisc\Components\tables\backup.exeC:\Windows\ehome\CreateDisc\Components\tables\backup.exe C:\Windows\ehome\CreateDisc\Components\tables\8⤵
-
-
-
C:\Windows\ehome\CreateDisc\Filters\backup.exeC:\Windows\ehome\CreateDisc\Filters\backup.exe C:\Windows\ehome\CreateDisc\Filters\7⤵
-
-
C:\Windows\ehome\CreateDisc\SFXPlugins\backup.exeC:\Windows\ehome\CreateDisc\SFXPlugins\backup.exe C:\Windows\ehome\CreateDisc\SFXPlugins\7⤵
-
-
C:\Windows\ehome\CreateDisc\SonicResources\backup.exeC:\Windows\ehome\CreateDisc\SonicResources\backup.exe C:\Windows\ehome\CreateDisc\SonicResources\7⤵
-
-
C:\Windows\ehome\CreateDisc\style\backup.exeC:\Windows\ehome\CreateDisc\style\backup.exe C:\Windows\ehome\CreateDisc\style\7⤵
-
-
-
C:\Windows\ehome\de-DE\backup.exeC:\Windows\ehome\de-DE\backup.exe C:\Windows\ehome\de-DE\6⤵
-
-
C:\Windows\ehome\en-US\backup.exeC:\Windows\ehome\en-US\backup.exe C:\Windows\ehome\en-US\6⤵
-
-
C:\Windows\ehome\es-ES\backup.exeC:\Windows\ehome\es-ES\backup.exe C:\Windows\ehome\es-ES\6⤵
-
-
-
C:\Windows\en-US\backup.exeC:\Windows\en-US\backup.exe C:\Windows\en-US\5⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\es-ES\backup.exeC:\Windows\es-ES\backup.exe C:\Windows\es-ES\5⤵
-
-
C:\Windows\Fonts\backup.exeC:\Windows\Fonts\backup.exe C:\Windows\Fonts\5⤵
-
-
C:\Windows\fr-FR\backup.exeC:\Windows\fr-FR\backup.exe C:\Windows\fr-FR\5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb07b84d53fabc90\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb07b84d53fabc90\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eb07b84d53fabc90\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0b45804490d366e\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0b45804490d366e\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0b45804490d366e\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6997af2ce08929c3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6997af2ce08929c3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6997af2ce08929c3\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6bc8c2f4dd77ad5d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6bc8c2f4dd77ad5d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_es-es_6bc8c2f4dd77ad5d\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cea9abf2aa5aade0\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cea9abf2aa5aade0\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntdll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cea9abf2aa5aade0\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e647d3561f1a23f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e647d3561f1a23f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e647d3561f1a23f\4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_666db9f744c2fe32\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_666db9f744c2fe32\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_666db9f744c2fe32\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_752d0cbaec4d2602\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_752d0cbaec4d2602\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_752d0cbaec4d2602\4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1bd08351e8ce9b27\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1bd08351e8ce9b27\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1bd08351e8ce9b27\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ba94e0c25823534\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ba94e0c25823534\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ba94e0c25823534\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82946e72e9a0f858\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82946e72e9a0f858\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..eercollab.resources_31bf3856ad364e35_6.1.7600.16385_es-es_82946e72e9a0f858\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bb9e8ac791f378c2\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bb9e8ac791f378c2\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..etoolsgui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bb9e8ac791f378c2\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8528f348e3c62c8\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8528f348e3c62c8\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ginworker.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b8528f348e3c62c8\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c216849e273364de\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c216849e273364de\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..gssystems.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c216849e273364de\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_48fdf3dda88a41a7\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_48fdf3dda88a41a7\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_48fdf3dda88a41a7\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27c74b34efa6572d\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6812bc1115156b5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6812bc1115156b5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6812bc1115156b5\4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d8f9821ec01add2\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d8f9821ec01add2\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d8f9821ec01add2\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc89231e8251fb4a\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc89231e8251fb4a\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc89231e8251fb4a\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e15878ebc71c5fe4\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e15878ebc71c5fe4\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e15878ebc71c5fe4\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_011040f9ee765307\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_011040f9ee765307\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_011040f9ee765307\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6fe5e61c4685e4b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6fe5e61c4685e4b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a6fe5e61c4685e4b\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af413ca6832fc368\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af413ca6832fc368\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_af413ca6832fc368\4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d0a69f7829d7102a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d0a69f7829d7102a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d0a69f7829d7102a\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb31547d0a230c7b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb31547d0a230c7b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cb31547d0a230c7b\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16cbdc9a16d6af9e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16cbdc9a16d6af9e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16cbdc9a16d6af9e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc7e99f755d0ebd0\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc7e99f755d0ebd0\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fc7e99f755d0ebd0\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_76d9b9f1825db588\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_76d9b9f1825db588\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_76d9b9f1825db588\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ab6e7d35d9d73cda\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ab6e7d35d9d73cda\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ab6e7d35d9d73cda\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a177a4cbfc90dfaf\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a177a4cbfc90dfaf\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-qos.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a177a4cbfc90dfaf\4⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_40087fef6e827989\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_40087fef6e827989\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_40087fef6e827989\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_60e635d950f7faef\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_60e635d950f7faef\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_60e635d950f7faef\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f253f179ff19dda1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f253f179ff19dda1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f253f179ff19dda1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c42c8a2303da16f1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c42c8a2303da16f1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c42c8a2303da16f1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_264375172c48afbe\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_264375172c48afbe\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_264375172c48afbe\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_es-es_97f172a850c09f2e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_es-es_97f172a850c09f2e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_es-es_97f172a850c09f2e\4⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ad19eb071e62d0c6\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ad19eb071e62d0c6\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ad19eb071e62d0c6\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5efaea1b49bb296e\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5efaea1b49bb296e\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-s..ty-spp-ux.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5efaea1b49bb296e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fe014b662e811c50\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fe014b662e811c50\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_fe014b662e811c50\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb7cd094ac29a2f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb7cd094ac29a2f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb7cd094ac29a2f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_66e35691216ba50e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_66e35691216ba50e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_66e35691216ba50e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_02b70f499390d53a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_02b70f499390d53a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_02b70f499390d53a\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_04e82311907f58d4\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_04e82311907f58d4\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_04e82311907f58d4\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7776eb9a9675ceba\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7776eb9a9675ceba\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7776eb9a9675ceba\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-t..utcontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5e2636f1c14c7eed\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-tapicore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5ffd1c0faa410a61\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-tapicore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5ffd1c0faa410a61\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-tapicore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5ffd1c0faa410a61\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7096e79d772dfa5e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7096e79d772dfa5e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7096e79d772dfa5e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d9d287e296ac760\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d9d287e296ac760\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uianimation.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d9d287e296ac760\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3395ad7f386e0060\update.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3395ad7f386e0060\update.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-uiribbon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3395ad7f386e0060\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3fcf8d6d6ee35afb\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3fcf8d6d6ee35afb\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-usbperf.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3fcf8d6d6ee35afb\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a412f0a77955f454\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a412f0a77955f454\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a412f0a77955f454\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_es-es_a644046f764477ee\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_es-es_a644046f764477ee\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_es-es_a644046f764477ee\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_286cc39e0155cd8e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_286cc39e0155cd8e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_6.1.7600.16385_es-es_286cc39e0155cd8e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..lpc-vmsal.resources_31bf3856ad364e35_7.1.7601.17514_es-es_d44d8fd5b93ba0a5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..lpc-vmsal.resources_31bf3856ad364e35_7.1.7601.17514_es-es_d44d8fd5b93ba0a5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..lpc-vmsal.resources_31bf3856ad364e35_7.1.7601.17514_es-es_d44d8fd5b93ba0a5\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.3.7600.16385_es-es_966739ca6f90f755\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.3.7600.16385_es-es_966739ca6f90f755\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.3.7600.16385_es-es_966739ca6f90f755\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_es-es_28f5e81baa162d31\update.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_es-es_28f5e81baa162d31\update.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_7.5.7601.17514_es-es_28f5e81baa162d31\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..publicapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dbeb18096188fc4e\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..publicapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dbeb18096188fc4e\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-w..publicapi.resources_31bf3856ad364e35_6.1.7600.16385_es-es_dbeb18096188fc4e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b379b64eac772036\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b379b64eac772036\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-win32k.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b379b64eac772036\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3de389e52a4b2f3\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3de389e52a4b2f3\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-winsrv.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3de389e52a4b2f3\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3da82d7e4539cf8\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3da82d7e4539cf8\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a3da82d7e4539cf8\4⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3adc871815e17973\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3adc871815e17973\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3adc871815e17973\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7601.17514_es-es_3d0d9ae012cffd0d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7601.17514_es-es_3d0d9ae012cffd0d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7601.17514_es-es_3d0d9ae012cffd0d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2bd40f77a8b614c\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2bd40f77a8b614c\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f2bd40f77a8b614c\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cadf6c686ed8facd\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cadf6c686ed8facd\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wmpnss-api.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cadf6c686ed8facd\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e3dbfce67c50e1d5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e3dbfce67c50e1d5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-wow64.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e3dbfce67c50e1d5\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..-defender.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f76b1c91df26b7b5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..-defender.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f76b1c91df26b7b5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..-defender.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f76b1c91df26b7b5\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..er-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4d31740567f07db\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..er-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4d31740567f07db\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_security-malware-wi..er-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4d31740567f07db\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_subsystem-for-unix-..lications.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8a2303b71b4db415\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_subsystem-for-unix-..lications.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8a2303b71b4db415\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_subsystem-for-unix-..lications.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8a2303b71b4db415\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_es-es_1e7ba14b6256e51c\update.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_es-es_1e7ba14b6256e51c\update.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_windowssearchengine.resources_31bf3856ad364e35_7.0.7600.16385_es-es_1e7ba14b6256e51c\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ddores.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5c0da4d2d25e737f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ddores.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5c0da4d2d25e737f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ddores.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5c0da4d2d25e737f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3c084c8b3b53ea89\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3c084c8b3b53ea89\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-gettingstarted.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3c084c8b3b53ea89\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_es-es_24075b280aaf0844\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_es-es_24075b280aaf0844\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_desktop_shell-search-srchadmin.resources_31bf3856ad364e35_7.0.7600.16385_es-es_24075b280aaf0844\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8078f29b7712beb8\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8078f29b7712beb8\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_devicepairingproxy.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8078f29b7712beb8\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1dd7c4f15bba462e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1dd7c4f15bba462e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_ds-ui-ext.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1dd7c4f15bba462e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_eventviewersettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_96d3a57ef55ee681\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_eventviewersettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_96d3a57ef55ee681\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_eventviewersettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_96d3a57ef55ee681\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ddd9269e1e33a4d0\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ddd9269e1e33a4d0\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_fundisc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ddd9269e1e33a4d0\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_es-es_654443034cacf513\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_es-es_654443034cacf513\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_hid-user.resources_31bf3856ad364e35_6.1.7600.16385_es-es_654443034cacf513\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_es-es_64111c685385404d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_es-es_64111c685385404d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_infocard.resources_b77a5c561934e089_6.1.7600.16385_es-es_64111c685385404d\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_0104362cfbfc75f8\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_0104362cfbfc75f8\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_0104362cfbfc75f8\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..commands2.resources_31bf3856ad364e35_6.1.7601.17514_es-es_06b0aff4812e0713\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..commands2.resources_31bf3856ad364e35_6.1.7601.17514_es-es_06b0aff4812e0713\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..commands2.resources_31bf3856ad364e35_6.1.7601.17514_es-es_06b0aff4812e0713\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8c7510e3977de711\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8c7510e3977de711\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8c7510e3977de711\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_8619da5aaca7159d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_8619da5aaca7159d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_8619da5aaca7159d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..dfsresmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_bafec12d4851775e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..dfsresmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_bafec12d4851775e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..dfsresmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_bafec12d4851775e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..fsrhelper.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ddfd2b152f222a41\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..fsrhelper.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ddfd2b152f222a41\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..fsrhelper.resources_31bf3856ad364e35_6.1.7601.17514_es-es_ddfd2b152f222a41\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..rshostmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7c172be2434c60cd\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..rshostmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7c172be2434c60cd\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..rshostmui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_7c172be2434c60cd\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..t-console.resources_31bf3856ad364e35_6.1.7601.17514_es-es_85ea0e242131cffe\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..t-console.resources_31bf3856ad364e35_6.1.7601.17514_es-es_85ea0e242131cffe\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.remotefil..t-console.resources_31bf3856ad364e35_6.1.7601.17514_es-es_85ea0e242131cffe\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a7c8d974eb72672e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a7c8d974eb72672e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a7c8d974eb72672e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_01ced58c9942ae67\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_57e82fa3584ccf8e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_57e82fa3584ccf8e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_57e82fa3584ccf8e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_3d0cf71ea727ac84\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_3d0cf71ea727ac84\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_3d0cf71ea727ac84\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-activedir..helpfiles.resources_31bf3856ad364e35_6.1.7601.17514_es-es_200065a48bacaab1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-activedir..helpfiles.resources_31bf3856ad364e35_6.1.7601.17514_es-es_200065a48bacaab1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-activedir..helpfiles.resources_31bf3856ad364e35_6.1.7601.17514_es-es_200065a48bacaab1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-hyper-v-g..installer.resources_31bf3856ad364e35_6.1.7601.17514_es-es_69aacb97cf225f70\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-hyper-v-g..installer.resources_31bf3856ad364e35_6.1.7601.17514_es-es_69aacb97cf225f70\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-hyper-v-g..installer.resources_31bf3856ad364e35_6.1.7601.17514_es-es_69aacb97cf225f70\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-storage-s..mc-native.resources_31bf3856ad364e35_6.1.7601.17514_es-es_c6e0a84c2b680eec\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-storage-s..mc-native.resources_31bf3856ad364e35_6.1.7601.17514_es-es_c6e0a84c2b680eec\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-storage-s..mc-native.resources_31bf3856ad364e35_6.1.7601.17514_es-es_c6e0a84c2b680eec\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5984b52a377588d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5984b52a377588d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5984b52a377588d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_243046817bd81e3d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_243046817bd81e3d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_6.1.7600.16385_es-es_243046817bd81e3d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..bilitycpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_696e13bb3ff14528\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..bilitycpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_696e13bb3ff14528\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..bilitycpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_696e13bb3ff14528\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c7e524572c62fe1c\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c7e524572c62fe1c\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c7e524572c62fe1c\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_69cd279a554d50be\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_69cd279a554d50be\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..core-base.resources_31bf3856ad364e35_6.1.7600.16385_es-es_69cd279a554d50be\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85bfe66ff35583fd\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85bfe66ff35583fd\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_85bfe66ff35583fd\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59509e966577143c\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59509e966577143c\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59509e966577143c\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4b365269fbcf9352\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4b365269fbcf9352\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ercomtool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4b365269fbcf9352\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ertypages.resources_31bf3856ad364e35_6.1.7601.17514_es-es_d26355d57f8e1b0a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ertypages.resources_31bf3856ad364e35_6.1.7601.17514_es-es_d26355d57f8e1b0a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ertypages.resources_31bf3856ad364e35_6.1.7601.17514_es-es_d26355d57f8e1b0a\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c06fbf9ac6a4a757\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c06fbf9ac6a4a757\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..figurator.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c06fbf9ac6a4a757\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e7241a35d49e972\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e7241a35d49e972\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..in-native.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1e7241a35d49e972\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_es-es_12bda33d235e4447\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_es-es_12bda33d235e4447\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..ionrecord.resources_31bf3856ad364e35_6.1.7600.16385_es-es_12bda33d235e4447\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3569ec57357011d4\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3569ec57357011d4\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..istant-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3569ec57357011d4\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a4b94dce75e4f0d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a4b94dce75e4f0d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0a4b94dce75e4f0d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4c4f869097f6d0f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4c4f869097f6d0f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e4c4f869097f6d0f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4409124876a0c647\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4409124876a0c647\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\x86_microsoft-windows-a..managerui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4409124876a0c647\4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\VBE\update.exeC:\Users\Admin\AppData\Local\Temp\VBE\update.exe C:\Users\Admin\AppData\Local\Temp\VBE\2⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
122KB
MD511c68db2b6f9a41b0c2223ccb1553b2f
SHA19da6b0efe5e0dc15d1fb59b97e966742ed8dec1f
SHA25685562df1eaa654209c6e23af698d601a75ee1bd0e47b48581ff85164c58b2853
SHA51281f414412b2dd92c681278e8c9f7873c1c8d3445aa312492e0219861eab8387b90a5731505b88fd58a4b724b063102dfa20465010f57568a2a6440e2becd43b7
-
Filesize
122KB
MD51d7473e706e4695cc0e423a269efc1dc
SHA18e2e3a85dde80d279e9e06ee834477782a1ba4e2
SHA256bea17ebb6ab5b9d324b40d60f6ca16997c6711566364517afd415cf17aad12a4
SHA512b27adcde9757a24150b2f20d73a4314aac1b34a86731b8998e05b7a895c5a8dda6c1d6dba1e34f78704c2f4c93ee6efeda78a93a8648127c948bf6f7e8b092ef
-
Filesize
122KB
MD5c643d000c1efd22bafd1496f479417ca
SHA152e0d32684d80d3abb80e331201b89b0a9f0ff0d
SHA256d0fdd946e412b61304f9da060e32e7a1117e847115c0bab86e12ea0960e78392
SHA512e5e1252e11b5b273c6c8ab23ac6599c748bd2d5a1bf0e79b04e295bd2558cf0377ff87a7ad306176b7973690fb3f03d1f15b54c2ba6a9c18f2e2b3dd21a06640
-
Filesize
122KB
MD5455e2119eb60ca342b9adc05b2e227cc
SHA1d21eadb7b91aaff028f91c9e4e4d13884e498aff
SHA2567462017a84bc3d50636d82d389cf87259b6e22f8351e4bdc6633ecf892694369
SHA5124bf26ac371d943191d8db8641d6b41bb1478dd3880a5c8382594e8687de3ec3a262f90fceb6b8e43d1bc263a2ebc0fd41bdc31be8f0fd35cd752baf7331e03c0
-
Filesize
41KB
MD501cc342b42257b959a0e65b87c153e8a
SHA1f6f6932db2b852bb3573022af4d5206534594054
SHA256b2d24af64920d1ccf59e60970aec539f765ad41ca08866a7898cb24fec5fa0f6
SHA512e0ef5f40d285d6d0ebb4f780667e47ddc404ac14ddef94ef6fbd5a614a5c6391bcf0a42e795e48e389c3ac6b7732f87fade0212c311c1a648aa4d6898e3a59f5
-
Filesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
Filesize
122KB
MD54d7870a48e9d14bb882688cbab3df826
SHA167e35c57920c3d49cc902811cc33f64f013d8646
SHA2563c428a3f0393b73e98f9089392e705d18c08be95e69206caa686a45ddd886900
SHA5123aacfe5416e5ca7836bdd5ff1b8666364da9692ebf69a89ef137ea043e7c0ac1b8203557e731cefacacf42ec8974087b056f2cfb23b97e853769e6d2519667be
-
Filesize
122KB
MD5c0328ec401a84c3348af1cceefed42bc
SHA12a1f679f9a02e9bf1ce3bf85fdafd560d5675c61
SHA25692585345294f203787669f86590ae5e4a967523335ba22fd5d32dce9f13daf21
SHA51231ec05e6c0ab9905f538a5f5cf1899ce876b2670d652418276fdcc775801e8c039637a50f44bf3c30992122b61a53fb86b06e55507b840ddcbf48c68a11dc65e
-
Filesize
122KB
MD51e02d28a447a0d8a0a571a1f106602d6
SHA192bbfa80d90c4aef56cd6d51efc29a2df3f01cab
SHA256fa4113895d76095dba37a87a40d9d4c08e747d9b59b872f928724a69af7facd7
SHA5120aed343ee289b441b68120461cefa2b8c5f1a64a8aadbb6c2e8f97c72a3443657c2e928d2c58784add2d0557c0b7d6e2abe7a89353b6f8f7e1332dfeada28cc9
-
Filesize
122KB
MD5e78d1a6cf2be435f4fdf8a96040eb420
SHA1009f76db0196cdeafa4a833c3972b22376d4cc99
SHA256b1c13b3f04e88973cb53041e5b5639b8bb87453192217359baccdea798da1221
SHA5120f64b11e68961de816fff50d965e8485cc62b1eb09a5a4e903910a9992f7ac2f4dccb52934cf97147501c4b71b41617544a1fdda3083ca19d465a29c14fe5493
-
Filesize
122KB
MD550cf5d1ed102306f08c50c32d61a1af7
SHA1ff9d10185cdd6555bab1f3c70e3f3cfac29ee857
SHA25698db5fcc6b0a44ce0f21df238570a73e898d15a46b03cede26e2b641df7ed602
SHA512a2db11ecef398fccdb801a5a6b869c60b654daea229f7a7b0a7a1003b1bfc0a56bf54b7be98e1c8d5f0482bfc4a0d925d115754b6c2df816a17272ebb2f73cff
-
Filesize
122KB
MD5993541aeff9eaccf88dd729717014b84
SHA1125bed89107d9fbc7dd4887a0613a4825f449fb0
SHA256cbdc13dcabe19ab25a72790d09b80e07ac2a1c36cc78425ace331edf1a69bf08
SHA512eb5d649a0e292639cd9767e06f9c0d4abb98fafbb1cc23c978e2e82a6a874a729cc123ae1e48912298fb3cfd778decf13ae90628f70c610f0c49e324d28e4310
-
Filesize
122KB
MD57b45fdcdc6b3e19d9ca1f9e5169b0d37
SHA1d843a2104b13335ee473e8accd62374c42135f08
SHA256173a3ac8ebc53a3d055332f249ee471d33754e29dc50a5d93928227f87da1592
SHA512b616370125704299723178b5a5676826c989d74f29aa93626d914c5e3be6ed3652e5a4a0fce30ff733a8fdab7b006e8ec4fa5139aed5532e56e995b875c35f62
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
144KB