Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20/09/2024, 05:01
General
-
Target
165fefad7e85572095a63486918eebf427a3d9e059f242420d54449e4d1d83cbN.exe
-
Size
60KB
-
MD5
a3527ced455df6200f18dad80e36ea90
-
SHA1
81eabd8e2c27c7b1284ff6b3e40127c9b8425f20
-
SHA256
165fefad7e85572095a63486918eebf427a3d9e059f242420d54449e4d1d83cb
-
SHA512
e6c02bcba8f652abee379d9f2e158ea135d9c89619e4f5d78f3e271a05145b3662d3cffcf7881aa511c6d197e1310ef5cf3f48f2017e26c5bc3be0dbc96a36e2
-
SSDEEP
768:xzUXTQjaEyVm195IcIjNQSkwy3BEP+9XOQ69zbjlAAX5e9zj:eXTdEQcEWxTUwizbR9Xwzj
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
Disables RegEdit via registry modification 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\165fefad7e85572095a63486918eebf427a3d9e059f242420d54449e4d1d83cbN.exe"C:\Users\Admin\AppData\Local\Temp\165fefad7e85572095a63486918eebf427a3d9e059f242420d54449e4d1d83cbN.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2467538780\backup.exeC:\Users\Admin\AppData\Local\Temp\2467538780\backup.exe C:\Users\Admin\AppData\Local\Temp\2467538780\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\backup.exe\backup.exe \3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\backup.exeC:\PerfLogs\backup.exe C:\PerfLogs\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\PerfLogs\Admin\System Restore.exe"C:\PerfLogs\Admin\System Restore.exe" C:\PerfLogs\Admin\5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\backup.exe"C:\Program Files\backup.exe" C:\Program Files\4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\backup.exe"C:\Program Files\7-Zip\backup.exe" C:\Program Files\7-Zip\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\Lang\backup.exe"C:\Program Files\7-Zip\Lang\backup.exe" C:\Program Files\7-Zip\Lang\6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\backup.exe"C:\Program Files\Common Files\backup.exe" C:\Program Files\Common Files\5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\backup.exe"C:\Program Files\Common Files\Microsoft Shared\backup.exe" C:\Program Files\Common Files\Microsoft Shared\6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Filters\7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\en-US\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\update.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\update.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\8⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\8⤵
- Executes dropped EXE
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\8⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\data.exe"C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\data.exe" C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe"C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
-
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Stationery\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Stationery\7⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\backup.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\System Restore.exe"C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\System Restore.exe" C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\7⤵
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\update.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\update.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\fr-FR\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\data.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\data.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\8⤵
-
-
C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe"C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe" C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VC\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VC\7⤵
- System policy modification
-
-
C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VGX\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VGX\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe"C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\9⤵
-
-
-
-
-
C:\Program Files\Common Files\Services\System Restore.exe"C:\Program Files\Common Files\Services\System Restore.exe" C:\Program Files\Common Files\Services\6⤵
-
-
C:\Program Files\Common Files\SpeechEngines\backup.exe"C:\Program Files\Common Files\SpeechEngines\backup.exe" C:\Program Files\Common Files\SpeechEngines\6⤵
-
C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files\Common Files\SpeechEngines\Microsoft\7⤵
-
-
-
C:\Program Files\Common Files\System\backup.exe"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\6⤵
-
C:\Program Files\Common Files\System\ado\backup.exe"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Common Files\System\ado\de-DE\backup.exe"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\ado\en-US\backup.exe"C:\Program Files\Common Files\System\ado\en-US\backup.exe" C:\Program Files\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files\Common Files\System\ado\es-ES\backup.exe"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\ado\it-IT\backup.exe"C:\Program Files\Common Files\System\ado\it-IT\backup.exe" C:\Program Files\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\de-DE\backup.exe"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\7⤵
-
-
C:\Program Files\Common Files\System\en-US\backup.exe"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\es-ES\backup.exe"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\7⤵
-
-
C:\Program Files\Common Files\System\fr-FR\backup.exe"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files\Common Files\System\it-IT\backup.exe"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\7⤵
-
-
C:\Program Files\Common Files\System\ja-JP\backup.exe"C:\Program Files\Common Files\System\ja-JP\backup.exe" C:\Program Files\Common Files\System\ja-JP\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Common Files\System\msadc\backup.exe"C:\Program Files\Common Files\System\msadc\backup.exe" C:\Program Files\Common Files\System\msadc\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Common Files\System\msadc\en-US\backup.exe"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\8⤵
-
-
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\msadc\it-IT\update.exe"C:\Program Files\Common Files\System\msadc\it-IT\update.exe" C:\Program Files\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files\Common Files\System\Ole DB\backup.exe"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Common Files\System\Ole DB\de-DE\update.exe"C:\Program Files\Common Files\System\Ole DB\de-DE\update.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\es-ES\update.exe"C:\Program Files\Common Files\System\Ole DB\es-ES\update.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\8⤵
-
-
-
-
-
C:\Program Files\DVD Maker\backup.exe"C:\Program Files\DVD Maker\backup.exe" C:\Program Files\DVD Maker\5⤵
-
C:\Program Files\DVD Maker\de-DE\backup.exe"C:\Program Files\DVD Maker\de-DE\backup.exe" C:\Program Files\DVD Maker\de-DE\6⤵
-
-
C:\Program Files\DVD Maker\en-US\System Restore.exe"C:\Program Files\DVD Maker\en-US\System Restore.exe" C:\Program Files\DVD Maker\en-US\6⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
C:\Program Files\DVD Maker\es-ES\backup.exe"C:\Program Files\DVD Maker\es-ES\backup.exe" C:\Program Files\DVD Maker\es-ES\6⤵
-
-
C:\Program Files\DVD Maker\fr-FR\backup.exe"C:\Program Files\DVD Maker\fr-FR\backup.exe" C:\Program Files\DVD Maker\fr-FR\6⤵
-
-
C:\Program Files\DVD Maker\it-IT\System Restore.exe"C:\Program Files\DVD Maker\it-IT\System Restore.exe" C:\Program Files\DVD Maker\it-IT\6⤵
-
-
C:\Program Files\DVD Maker\ja-JP\backup.exe"C:\Program Files\DVD Maker\ja-JP\backup.exe" C:\Program Files\DVD Maker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\backup.exe"C:\Program Files\DVD Maker\Shared\backup.exe" C:\Program Files\DVD Maker\Shared\6⤵
-
C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\7⤵
- Drops file in Program Files directory
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Full\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Full\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\8⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\8⤵
-
-
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\8⤵
-
-
-
-
-
C:\Program Files\Google\backup.exe"C:\Program Files\Google\backup.exe" C:\Program Files\Google\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\backup.exe"C:\Program Files\Google\Chrome\backup.exe" C:\Program Files\Google\Chrome\6⤵
-
C:\Program Files\Google\Chrome\Application\backup.exe"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\7⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- System policy modification
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\8⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\System Restore.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\System Restore.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\9⤵
- System policy modification
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\9⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\9⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\data.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\data.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\11⤵
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
-
C:\Program Files\Internet Explorer\backup.exe"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\de-DE\backup.exe"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files\Internet Explorer\en-US\backup.exe"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\6⤵
-
-
C:\Program Files\Internet Explorer\es-ES\backup.exe"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\6⤵
- System policy modification
-
-
C:\Program Files\Internet Explorer\fr-FR\backup.exe"C:\Program Files\Internet Explorer\fr-FR\backup.exe" C:\Program Files\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files\Internet Explorer\images\backup.exe"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Internet Explorer\it-IT\backup.exe"C:\Program Files\Internet Explorer\it-IT\backup.exe" C:\Program Files\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files\Internet Explorer\ja-JP\backup.exe"C:\Program Files\Internet Explorer\ja-JP\backup.exe" C:\Program Files\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files\Internet Explorer\SIGNUP\backup.exe"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files\Java\backup.exe"C:\Program Files\Java\backup.exe" C:\Program Files\Java\5⤵
-
C:\Program Files\Java\jdk1.7.0_80\backup.exe"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\bin\data.exe"C:\Program Files\Java\jdk1.7.0_80\bin\data.exe" C:\Program Files\Java\jdk1.7.0_80\bin\7⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\db\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\8⤵
- System policy modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\9⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\7⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\9⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\8⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\11⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\data.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\data.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\10⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\10⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\7⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\9⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\9⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\10⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\10⤵
- System policy modification
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\10⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\10⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\10⤵
- System policy modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\11⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\System Restore.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\10⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\11⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\12⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\12⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\13⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\13⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\13⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\11⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\11⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\10⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\12⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\11⤵
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\11⤵
-
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\9⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\10⤵
- Disables RegEdit via registry modification
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\11⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\11⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\10⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\12⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\11⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\11⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\13⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\12⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\13⤵
-
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\11⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\10⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\9⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\data.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\11⤵
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\10⤵
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\11⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\update.exe"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\10⤵
-
-
-
-
-
-
C:\Program Files\Java\jre7\backup.exe"C:\Program Files\Java\jre7\backup.exe" C:\Program Files\Java\jre7\6⤵
-
C:\Program Files\Java\jre7\bin\backup.exe"C:\Program Files\Java\jre7\bin\backup.exe" C:\Program Files\Java\jre7\bin\7⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre7\bin\dtplugin\backup.exe"C:\Program Files\Java\jre7\bin\dtplugin\backup.exe" C:\Program Files\Java\jre7\bin\dtplugin\8⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre7\bin\plugin2\backup.exe"C:\Program Files\Java\jre7\bin\plugin2\backup.exe" C:\Program Files\Java\jre7\bin\plugin2\8⤵
- System policy modification
-
-
C:\Program Files\Java\jre7\bin\server\backup.exe"C:\Program Files\Java\jre7\bin\server\backup.exe" C:\Program Files\Java\jre7\bin\server\8⤵
-
-
-
C:\Program Files\Java\jre7\lib\backup.exe"C:\Program Files\Java\jre7\lib\backup.exe" C:\Program Files\Java\jre7\lib\7⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files\Java\jre7\lib\amd64\backup.exe"C:\Program Files\Java\jre7\lib\amd64\backup.exe" C:\Program Files\Java\jre7\lib\amd64\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Java\jre7\lib\applet\backup.exe"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\8⤵
-
-
C:\Program Files\Java\jre7\lib\cmm\backup.exe"C:\Program Files\Java\jre7\lib\cmm\backup.exe" C:\Program Files\Java\jre7\lib\cmm\8⤵
-
-
C:\Program Files\Java\jre7\lib\deploy\backup.exe"C:\Program Files\Java\jre7\lib\deploy\backup.exe" C:\Program Files\Java\jre7\lib\deploy\8⤵
-
-
C:\Program Files\Java\jre7\lib\ext\backup.exe"C:\Program Files\Java\jre7\lib\ext\backup.exe" C:\Program Files\Java\jre7\lib\ext\8⤵
-
-
C:\Program Files\Java\jre7\lib\fonts\update.exe"C:\Program Files\Java\jre7\lib\fonts\update.exe" C:\Program Files\Java\jre7\lib\fonts\8⤵
-
-
C:\Program Files\Java\jre7\lib\images\backup.exe"C:\Program Files\Java\jre7\lib\images\backup.exe" C:\Program Files\Java\jre7\lib\images\8⤵
- System policy modification
-
C:\Program Files\Java\jre7\lib\images\cursors\backup.exe"C:\Program Files\Java\jre7\lib\images\cursors\backup.exe" C:\Program Files\Java\jre7\lib\images\cursors\9⤵
-
-
-
C:\Program Files\Java\jre7\lib\jfr\backup.exe"C:\Program Files\Java\jre7\lib\jfr\backup.exe" C:\Program Files\Java\jre7\lib\jfr\8⤵
-
-
C:\Program Files\Java\jre7\lib\management\backup.exe"C:\Program Files\Java\jre7\lib\management\backup.exe" C:\Program Files\Java\jre7\lib\management\8⤵
-
-
C:\Program Files\Java\jre7\lib\security\backup.exe"C:\Program Files\Java\jre7\lib\security\backup.exe" C:\Program Files\Java\jre7\lib\security\8⤵
-
-
C:\Program Files\Java\jre7\lib\zi\backup.exe"C:\Program Files\Java\jre7\lib\zi\backup.exe" C:\Program Files\Java\jre7\lib\zi\8⤵
- Drops file in Program Files directory
-
C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe"C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe" C:\Program Files\Java\jre7\lib\zi\Africa\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\9⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Program Files directory
-
C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Argentina\10⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Indiana\10⤵
-
-
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Kentucky\10⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe"C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\10⤵
-
-
-
C:\Program Files\Java\jre7\lib\zi\Antarctica\data.exe"C:\Program Files\Java\jre7\lib\zi\Antarctica\data.exe" C:\Program Files\Java\jre7\lib\zi\Antarctica\9⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Asia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Asia\9⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe"C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jre7\lib\zi\Atlantic\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe"C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Australia\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Etc\System Restore.exe"C:\Program Files\Java\jre7\lib\zi\Etc\System Restore.exe" C:\Program Files\Java\jre7\lib\zi\Etc\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe"C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe" C:\Program Files\Java\jre7\lib\zi\Europe\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe"C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe" C:\Program Files\Java\jre7\lib\zi\Indian\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe"C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jre7\lib\zi\Pacific\9⤵
-
-
C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe"C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jre7\lib\zi\SystemV\9⤵
-
-
-
-
-
-
C:\Program Files\Microsoft Games\backup.exe"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Chess\backup.exe"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\6⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe"C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\en-US\backup.exe"C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe"C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe"C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Chess\ja-JP\data.exe"C:\Program Files\Microsoft Games\Chess\ja-JP\data.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\FreeCell\backup.exe"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe"C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe" C:\Program Files\Microsoft Games\FreeCell\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe"C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe" C:\Program Files\Microsoft Games\FreeCell\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe"C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe" C:\Program Files\Microsoft Games\FreeCell\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe"C:\Program Files\Microsoft Games\FreeCell\fr-FR\backup.exe" C:\Program Files\Microsoft Games\FreeCell\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe"C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe" C:\Program Files\Microsoft Games\FreeCell\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe"C:\Program Files\Microsoft Games\FreeCell\ja-JP\backup.exe" C:\Program Files\Microsoft Games\FreeCell\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Hearts\backup.exe"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\6⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe"C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe" C:\Program Files\Microsoft Games\Hearts\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe"C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe" C:\Program Files\Microsoft Games\Hearts\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe"C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe" C:\Program Files\Microsoft Games\Hearts\es-ES\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Microsoft Games\Hearts\fr-FR\data.exe"C:\Program Files\Microsoft Games\Hearts\fr-FR\data.exe" C:\Program Files\Microsoft Games\Hearts\fr-FR\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe"C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe" C:\Program Files\Microsoft Games\Hearts\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Hearts\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Mahjong\backup.exe"C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\6⤵
-
C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe"C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe" C:\Program Files\Microsoft Games\Mahjong\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe"C:\Program Files\Microsoft Games\Mahjong\en-US\backup.exe" C:\Program Files\Microsoft Games\Mahjong\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe"C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe" C:\Program Files\Microsoft Games\Mahjong\es-ES\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Mahjong\fr-FR\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe"C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe" C:\Program Files\Microsoft Games\Mahjong\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Mahjong\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Minesweeper\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\6⤵
-
C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\en-US\data.exe"C:\Program Files\Microsoft Games\Minesweeper\en-US\data.exe" C:\Program Files\Microsoft Games\Minesweeper\en-US\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\es-ES\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\it-IT\System Restore.exe"C:\Program Files\Microsoft Games\Minesweeper\it-IT\System Restore.exe" C:\Program Files\Microsoft Games\Minesweeper\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe"C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\More Games\backup.exe"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\6⤵
-
C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe"C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe" C:\Program Files\Microsoft Games\More Games\de-DE\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\en-US\backup.exe"C:\Program Files\Microsoft Games\More Games\en-US\backup.exe" C:\Program Files\Microsoft Games\More Games\en-US\7⤵
- System policy modification
-
-
C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe"C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe" C:\Program Files\Microsoft Games\More Games\es-ES\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe"C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe" C:\Program Files\Microsoft Games\More Games\fr-FR\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe"C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe" C:\Program Files\Microsoft Games\More Games\it-IT\7⤵
-
-
C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe"C:\Program Files\Microsoft Games\More Games\ja-JP\backup.exe" C:\Program Files\Microsoft Games\More Games\ja-JP\7⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\data.exe"C:\Program Files\Microsoft Games\Multiplayer\data.exe" C:\Program Files\Microsoft Games\Multiplayer\6⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\7⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\8⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\8⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\8⤵
-
-
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\8⤵
-
-
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\7⤵
-
C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe"C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\backup.exe" C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files\Microsoft Games\Purble Place\backup.exe"C:\Program Files\Microsoft Games\Purble Place\backup.exe" C:\Program Files\Microsoft Games\Purble Place\6⤵
-
C:\Program Files\Microsoft Games\Purble Place\de-DE\backup.exe"C:\Program Files\Microsoft Games\Purble Place\de-DE\backup.exe" C:\Program Files\Microsoft Games\Purble Place\de-DE\7⤵
-
-
-
-
C:\Program Files\Microsoft Office\backup.exe"C:\Program Files\Microsoft Office\backup.exe" C:\Program Files\Microsoft Office\5⤵
-
C:\Program Files\Microsoft Office\Office14\backup.exe"C:\Program Files\Microsoft Office\Office14\backup.exe" C:\Program Files\Microsoft Office\Office14\6⤵
-
C:\Program Files\Microsoft Office\Office14\1033\backup.exe"C:\Program Files\Microsoft Office\Office14\1033\backup.exe" C:\Program Files\Microsoft Office\Office14\1033\7⤵
-
-
-
-
C:\Program Files\Mozilla Firefox\backup.exe"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\5⤵
-
C:\Program Files\Mozilla Firefox\browser\backup.exe"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files\Mozilla Firefox\browser\features\System Restore.exe"C:\Program Files\Mozilla Firefox\browser\features\System Restore.exe" C:\Program Files\Mozilla Firefox\browser\features\7⤵
-
-
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\defaults\backup.exe"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\6⤵
-
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\fonts\backup.exe"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\6⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\data.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\data.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\6⤵
-
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\7⤵
-
-
-
C:\Program Files\Mozilla Firefox\uninstall\backup.exe"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\6⤵
-
-
-
C:\Program Files\MSBuild\data.exe"C:\Program Files\MSBuild\data.exe" C:\Program Files\MSBuild\5⤵
-
C:\Program Files\MSBuild\Microsoft\backup.exe"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\6⤵
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\7⤵
- System policy modification
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\update.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\update.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\8⤵
-
-
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\8⤵
-
-
-
-
-
C:\Program Files\Reference Assemblies\backup.exe"C:\Program Files\Reference Assemblies\backup.exe" C:\Program Files\Reference Assemblies\5⤵
-
C:\Program Files\Reference Assemblies\Microsoft\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\6⤵
- Drops file in Program Files directory
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\7⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\9⤵
-
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\data.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\data.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\8⤵
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System Restore.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System Restore.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\9⤵
- System policy modification
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\9⤵
-
-
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\backup.exe" C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\9⤵
- System policy modification
-
-
-
-
-
-
C:\Program Files\VideoLAN\backup.exe"C:\Program Files\VideoLAN\backup.exe" C:\Program Files\VideoLAN\5⤵
-
C:\Program Files\VideoLAN\VLC\backup.exe"C:\Program Files\VideoLAN\VLC\backup.exe" C:\Program Files\VideoLAN\VLC\6⤵
- Drops file in Program Files directory
-
C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe"C:\Program Files\VideoLAN\VLC\hrtfs\backup.exe" C:\Program Files\VideoLAN\VLC\hrtfs\7⤵
-
-
C:\Program Files\VideoLAN\VLC\locale\System Restore.exe"C:\Program Files\VideoLAN\VLC\locale\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\7⤵
-
C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\8⤵
-
C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\9⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\af\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\8⤵
- System policy modification
-
C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\9⤵
-
-
-
C:\Program Files\VideoLAN\VLC\locale\am\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\8⤵
-
C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe"C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\9⤵
- System policy modification
-
-
-
-
C:\Program Files\VideoLAN\VLC\lua\backup.exe"C:\Program Files\VideoLAN\VLC\lua\backup.exe" C:\Program Files\VideoLAN\VLC\lua\7⤵
-
C:\Program Files\VideoLAN\VLC\lua\extensions\backup.exe"C:\Program Files\VideoLAN\VLC\lua\extensions\backup.exe" C:\Program Files\VideoLAN\VLC\lua\extensions\8⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
C:\Program Files\VideoLAN\VLC\lua\http\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\8⤵
-
C:\Program Files\VideoLAN\VLC\lua\http\css\backup.exe"C:\Program Files\VideoLAN\VLC\lua\http\css\backup.exe" C:\Program Files\VideoLAN\VLC\lua\http\css\9⤵
-
-
-
-
-
-
C:\Program Files\Windows Defender\backup.exe"C:\Program Files\Windows Defender\backup.exe" C:\Program Files\Windows Defender\5⤵
- Drops file in Program Files directory
-
C:\Program Files\Windows Defender\de-DE\backup.exe"C:\Program Files\Windows Defender\de-DE\backup.exe" C:\Program Files\Windows Defender\de-DE\6⤵
-
-
C:\Program Files\Windows Defender\en-US\backup.exe"C:\Program Files\Windows Defender\en-US\backup.exe" C:\Program Files\Windows Defender\en-US\6⤵
-
-
C:\Program Files\Windows Defender\es-ES\backup.exe"C:\Program Files\Windows Defender\es-ES\backup.exe" C:\Program Files\Windows Defender\es-ES\6⤵
-
-
C:\Program Files\Windows Defender\fr-FR\backup.exe"C:\Program Files\Windows Defender\fr-FR\backup.exe" C:\Program Files\Windows Defender\fr-FR\6⤵
-
-
C:\Program Files\Windows Defender\it-IT\backup.exe"C:\Program Files\Windows Defender\it-IT\backup.exe" C:\Program Files\Windows Defender\it-IT\6⤵
-
-
C:\Program Files\Windows Defender\ja-JP\backup.exe"C:\Program Files\Windows Defender\ja-JP\backup.exe" C:\Program Files\Windows Defender\ja-JP\6⤵
-
-
-
C:\Program Files\Windows Journal\backup.exe"C:\Program Files\Windows Journal\backup.exe" C:\Program Files\Windows Journal\5⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files\Windows Journal\de-DE\backup.exe"C:\Program Files\Windows Journal\de-DE\backup.exe" C:\Program Files\Windows Journal\de-DE\6⤵
-
-
-
-
C:\Program Files (x86)\backup.exe"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\4⤵
-
C:\Program Files (x86)\Adobe\backup.exe"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\5⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\6⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\System Restore.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\System Restore.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\8⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\update.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\update.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\10⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\11⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\10⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\10⤵
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\8⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\7⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\9⤵
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\8⤵
- System policy modification
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\9⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\9⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\10⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\11⤵
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\8⤵
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\8⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\9⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\10⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\10⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\11⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\11⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\11⤵
- Disables RegEdit via registry modification
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
-
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\7⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\8⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\backup.exe"C:\Program Files (x86)\Common Files\backup.exe" C:\Program Files (x86)\Common Files\5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe\backup.exe"C:\Program Files (x86)\Common Files\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\6⤵
-
C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Acrobat\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Acrobat\7⤵
-
-
C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\7⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\8⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9⤵
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\10⤵
-
-
-
-
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Updater6\7⤵
-
-
-
C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\backup.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\7⤵
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\data.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\data.exe" C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\DESIGNER\backup.exe"C:\Program Files (x86)\Common Files\DESIGNER\backup.exe" C:\Program Files (x86)\Common Files\DESIGNER\6⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DAO\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\DW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\DW\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\EURO\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\EURO\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Filters\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\7⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\8⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\8⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\8⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\9⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\9⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\9⤵
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\8⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\9⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\7⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\8⤵
- Disables RegEdit via registry modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\data.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\7⤵
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\update.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\System Restore.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\8⤵
-
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe"C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\8⤵
-
-
-
-
C:\Program Files (x86)\Common Files\Services\backup.exe"C:\Program Files (x86)\Common Files\Services\backup.exe" C:\Program Files (x86)\Common Files\Services\6⤵
-
-
C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\6⤵
-
C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe"C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\backup.exe" C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\7⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\System\backup.exe"C:\Program Files (x86)\Common Files\System\backup.exe" C:\Program Files (x86)\Common Files\System\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Common Files\System\ado\backup.exe"C:\Program Files (x86)\Common Files\System\ado\backup.exe" C:\Program Files (x86)\Common Files\System\ado\7⤵
-
C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\ado\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\ado\de-DE\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\ado\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\ado\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\ado\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\ado\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\ado\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\ado\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\ado\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ado\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\System\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\de-DE\7⤵
-
-
C:\Program Files (x86)\Common Files\System\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\7⤵
-
-
C:\Program Files (x86)\Common Files\System\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\es-ES\7⤵
-
-
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\7⤵
-
-
C:\Program Files (x86)\Common Files\System\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\it-IT\7⤵
-
-
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\7⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Program Files (x86)\Common Files\System\msadc\de-DE\System Restore.exe"C:\Program Files (x86)\Common Files\System\msadc\de-DE\System Restore.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\8⤵
- System policy modification
-
-
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\8⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\8⤵
-
-
-
C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\7⤵
- System policy modification
-
C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe"C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\1033\8⤵
- System policy modification
-
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\7⤵
-
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\8⤵
-
-
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\8⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Program Files (x86)\Google\backup.exe"C:\Program Files (x86)\Google\backup.exe" C:\Program Files (x86)\Google\5⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Google\CrashReports\backup.exe"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\6⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Program Files (x86)\Google\Temp\backup.exe"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\6⤵
-
-
C:\Program Files (x86)\Google\Update\backup.exe"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\6⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\7⤵
-
-
C:\Program Files (x86)\Google\Update\Download\backup.exe"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\7⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\8⤵
-
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\9⤵
-
-
-
-
C:\Program Files (x86)\Google\Update\Install\backup.exe"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\7⤵
-
C:\Program Files (x86)\Google\Update\Install\{81B62077-4199-45EB-921D-6EB76AC289EE}\backup.exe"C:\Program Files (x86)\Google\Update\Install\{81B62077-4199-45EB-921D-6EB76AC289EE}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{81B62077-4199-45EB-921D-6EB76AC289EE}\8⤵
-
-
-
C:\Program Files (x86)\Google\Update\Offline\backup.exe"C:\Program Files (x86)\Google\Update\Offline\backup.exe" C:\Program Files (x86)\Google\Update\Offline\7⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Internet Explorer\backup.exe"C:\Program Files (x86)\Internet Explorer\backup.exe" C:\Program Files (x86)\Internet Explorer\5⤵
-
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Program Files (x86)\Internet Explorer\es-ES\update.exe"C:\Program Files (x86)\Internet Explorer\es-ES\update.exe" C:\Program Files (x86)\Internet Explorer\es-ES\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe"C:\Program Files (x86)\Internet Explorer\ja-JP\backup.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\6⤵
-
-
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\6⤵
-
-
-
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\5⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\6⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\8⤵
-
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\8⤵
-
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\9⤵
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft Office\backup.exe"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\5⤵
- Drops file in Program Files directory
- System policy modification
-
C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\6⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\7⤵
-
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\6⤵
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\7⤵
-
-
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\7⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\update.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\update.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\6⤵
- Modifies visibility of file extensions in Explorer
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\update.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\update.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\8⤵
-
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\7⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\data.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\data.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\backup.exe"C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\backup.exe" C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\8⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Office14\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\6⤵
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\7⤵
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\8⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\8⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe"C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\backup.exe" C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\9⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft Office\Stationery\backup.exe"C:\Program Files (x86)\Microsoft Office\Stationery\backup.exe" C:\Program Files (x86)\Microsoft Office\Stationery\6⤵
-
C:\Program Files (x86)\Microsoft Office\Stationery\1033\backup.exe"C:\Program Files (x86)\Microsoft Office\Stationery\1033\backup.exe" C:\Program Files (x86)\Microsoft Office\Stationery\1033\7⤵
- Disables RegEdit via registry modification
-
-
-
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\5⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\6⤵
-
C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\backup.exe"C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\backup.exe" C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\7⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\5⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\update.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\update.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\6⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\7⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\System Restore.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\System Restore.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\8⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\9⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\7⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\update.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\update.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\8⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\9⤵
-
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\backup.exe"C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\10⤵
-
-
-
-
-
-
-
C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\5⤵
-
C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\6⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\backup.exe"C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\backup.exe" C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\7⤵
-
-
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\5⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\6⤵
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\7⤵
- Disables RegEdit via registry modification
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\System Restore.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\System Restore.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\8⤵
-
-
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\backup.exe"C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\backup.exe" C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\8⤵
- System policy modification
-
-
-
-
-
-
C:\Users\backup.exeC:\Users\backup.exe C:\Users\4⤵
-
C:\Users\Admin\backup.exeC:\Users\Admin\backup.exe C:\Users\Admin\5⤵
-
C:\Users\Admin\Contacts\backup.exeC:\Users\Admin\Contacts\backup.exe C:\Users\Admin\Contacts\6⤵
-
-
C:\Users\Admin\Desktop\backup.exeC:\Users\Admin\Desktop\backup.exe C:\Users\Admin\Desktop\6⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Documents\System Restore.exe"C:\Users\Admin\Documents\System Restore.exe" C:\Users\Admin\Documents\6⤵
-
-
C:\Users\Admin\Downloads\backup.exeC:\Users\Admin\Downloads\backup.exe C:\Users\Admin\Downloads\6⤵
- System policy modification
-
-
C:\Users\Admin\Favorites\backup.exeC:\Users\Admin\Favorites\backup.exe C:\Users\Admin\Favorites\6⤵
-
-
C:\Users\Admin\Links\backup.exeC:\Users\Admin\Links\backup.exe C:\Users\Admin\Links\6⤵
-
-
C:\Users\Admin\Music\backup.exeC:\Users\Admin\Music\backup.exe C:\Users\Admin\Music\6⤵
-
-
C:\Users\Admin\Pictures\backup.exeC:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\6⤵
-
-
C:\Users\Admin\Saved Games\backup.exe"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\6⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\Searches\backup.exeC:\Users\Admin\Searches\backup.exe C:\Users\Admin\Searches\6⤵
-
-
C:\Users\Admin\Videos\System Restore.exe"C:\Users\Admin\Videos\System Restore.exe" C:\Users\Admin\Videos\6⤵
-
-
-
C:\Users\Public\backup.exeC:\Users\Public\backup.exe C:\Users\Public\5⤵
-
C:\Users\Public\Documents\backup.exeC:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\6⤵
-
-
C:\Users\Public\Downloads\backup.exeC:\Users\Public\Downloads\backup.exe C:\Users\Public\Downloads\6⤵
- System policy modification
-
-
C:\Users\Public\Music\backup.exeC:\Users\Public\Music\backup.exe C:\Users\Public\Music\6⤵
-
C:\Users\Public\Music\Sample Music\backup.exe"C:\Users\Public\Music\Sample Music\backup.exe" C:\Users\Public\Music\Sample Music\7⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Public\Pictures\backup.exeC:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\6⤵
-
C:\Users\Public\Pictures\Sample Pictures\backup.exe"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\7⤵
-
-
-
C:\Users\Public\Recorded TV\backup.exe"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\6⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Public\Recorded TV\Sample Media\backup.exe"C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\7⤵
-
-
-
C:\Users\Public\Videos\backup.exeC:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\6⤵
- System policy modification
-
C:\Users\Public\Videos\Sample Videos\System Restore.exe"C:\Users\Public\Videos\Sample Videos\System Restore.exe" C:\Users\Public\Videos\Sample Videos\7⤵
-
-
-
-
-
C:\Windows\backup.exeC:\Windows\backup.exe C:\Windows\4⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\addins\backup.exeC:\Windows\addins\backup.exe C:\Windows\addins\5⤵
-
-
C:\Windows\AppCompat\backup.exeC:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\5⤵
-
-
C:\Windows\AppPatch\backup.exeC:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\5⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\AppPatch64\backup.exeC:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\6⤵
- Disables RegEdit via registry modification
- System Location Discovery: System Language Discovery
-
-
C:\Windows\AppPatch\Custom\backup.exeC:\Windows\AppPatch\Custom\backup.exe C:\Windows\AppPatch\Custom\6⤵
- Drops file in Windows directory
-
C:\Windows\AppPatch\Custom\Custom64\backup.exeC:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\7⤵
-
-
-
C:\Windows\AppPatch\de-DE\backup.exeC:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\AppPatch\en-US\backup.exeC:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\6⤵
-
-
C:\Windows\AppPatch\es-ES\backup.exeC:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\6⤵
- Disables RegEdit via registry modification
- System policy modification
-
-
C:\Windows\AppPatch\fr-FR\backup.exeC:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\6⤵
-
-
C:\Windows\AppPatch\it-IT\backup.exeC:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\6⤵
-
-
C:\Windows\AppPatch\ja-JP\backup.exeC:\Windows\AppPatch\ja-JP\backup.exe C:\Windows\AppPatch\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\System Restore.exe"C:\Windows\assembly\System Restore.exe" C:\Windows\assembly\5⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\backup.exeC:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\6⤵
-
C:\Windows\assembly\GAC\ADODB\backup.exeC:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\7⤵
-
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\Extensibility\backup.exeC:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\7⤵
-
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7⤵
-
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7⤵
-
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\mscomctl\backup.exeC:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC\MSDATASRC\backup.exeC:\Windows\assembly\GAC\MSDATASRC\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC\stdole\backup.exeC:\Windows\assembly\GAC\stdole\backup.exe C:\Windows\assembly\GAC\stdole\7⤵
- System policy modification
-
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\8⤵
-
-
-
-
C:\Windows\assembly\GAC_32\backup.exeC:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exeC:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\7⤵
-
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\BDATunePIA\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\7⤵
- Disables RegEdit via registry modification
- System policy modification
-
C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\7⤵
-
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_32\ehexthost32\backup.exeC:\Windows\assembly\GAC_32\ehexthost32\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\7⤵
-
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\assembly\GAC_32\mcstoredb\backup.exeC:\Windows\assembly\GAC_32\mcstoredb\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
- System policy modification
-
C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_it_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_ja_31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\System Restore.exe"C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\System Restore.exe" C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\7⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\data.exeC:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\data.exe C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\8⤵
-
-
-
C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\backup.exeC:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\backup.exe C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\7⤵
-
C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\data.exeC:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\data.exe C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
-
C:\Windows\assembly\GAC_64\backup.exeC:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\backup.exeC:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\BDATunePIA\backup.exeC:\Windows\assembly\GAC_64\BDATunePIA\backup.exe C:\Windows\assembly\GAC_64\BDATunePIA\7⤵
-
C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\CustomMarshalers\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\7⤵
-
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\7⤵
-
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\GAC_64\mcstoredb\backup.exeC:\Windows\assembly\GAC_64\mcstoredb\backup.exe C:\Windows\assembly\GAC_64\mcstoredb\7⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\GAC_64\mcupdate\backup.exeC:\Windows\assembly\GAC_64\mcupdate\backup.exe C:\Windows\assembly\GAC_64\mcupdate\7⤵
- Disables RegEdit via registry modification
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Mcx2Dvcs\update.exeC:\Windows\assembly\GAC_64\Mcx2Dvcs\update.exe C:\Windows\assembly\GAC_64\Mcx2Dvcs\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\7⤵
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\data.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\data.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\8⤵
-
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\8⤵
-
-
C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exeC:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_fr_31bf3856ad364e35\8⤵
-
-
-
-
C:\Windows\assembly\GAC_MSIL\backup.exeC:\Windows\assembly\GAC_MSIL\backup.exe C:\Windows\assembly\GAC_MSIL\6⤵
-
C:\Windows\assembly\GAC_MSIL\Accessibility\backup.exeC:\Windows\assembly\GAC_MSIL\Accessibility\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\8⤵
- System policy modification
-
-
-
C:\Windows\assembly\GAC_MSIL\ComSvcConfig\backup.exeC:\Windows\assembly\GAC_MSIL\ComSvcConfig\backup.exe C:\Windows\assembly\GAC_MSIL\ComSvcConfig\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\cscompmgd\backup.exeC:\Windows\assembly\GAC_MSIL\cscompmgd\backup.exe C:\Windows\assembly\GAC_MSIL\cscompmgd\7⤵
-
C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\dfsvc\backup.exeC:\Windows\assembly\GAC_MSIL\dfsvc\backup.exe C:\Windows\assembly\GAC_MSIL\dfsvc\7⤵
-
C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\backup.exeC:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\8⤵
-
-
-
C:\Windows\assembly\GAC_MSIL\ehCIR\backup.exeC:\Windows\assembly\GAC_MSIL\ehCIR\backup.exe C:\Windows\assembly\GAC_MSIL\ehCIR\7⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\7⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\8⤵
- System Location Discovery: System Language Discovery
- System policy modification
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\7⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\AuditPolicyGPManage#\a0a453714c9ec8d6954490f711f5158a\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2823d3be9334fea94dce8001b247589b\8⤵
- Disables RegEdit via registry modification
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\data.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\data.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\7⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\8⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\8⤵
-
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\6⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\data.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\data.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\b03641c39929ad202f0c3a9a64b93d86\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\7⤵
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\AuditPolicyGPManage#\ce8c100b866ac8facc1902286aede990\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\7⤵
- Disables RegEdit via registry modification
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\13385391832b7c36af9306baeb570e57\8⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\7⤵
- System policy modification
-
C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\backup.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\backup.exe C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\8⤵
-
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\6⤵
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\data.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\data.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\7⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\System Restore.exe"C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\System Restore.exe" C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\data.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\data.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\7⤵
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\5857dbc9f0d3cb3364728ec72497ece9\8⤵
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\7⤵
-
-
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_64\6⤵
- Drops file in Windows directory
-
C:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\backup.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\backup.exe C:\Windows\assembly\NativeImages_v4.0.30319_64\Accessibility\7⤵
- Drops file in Windows directory
-
-
-
-
C:\Windows\Branding\backup.exeC:\Windows\Branding\backup.exe C:\Windows\Branding\5⤵
-
C:\Windows\Branding\Basebrd\backup.exeC:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\6⤵
- Modifies visibility of file extensions in Explorer
- Drops file in Windows directory
-
C:\Windows\Branding\Basebrd\de-DE\backup.exeC:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\7⤵
-
-
C:\Windows\Branding\Basebrd\en-US\backup.exeC:\Windows\Branding\Basebrd\en-US\backup.exe C:\Windows\Branding\Basebrd\en-US\7⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\Branding\Basebrd\es-ES\backup.exeC:\Windows\Branding\Basebrd\es-ES\backup.exe C:\Windows\Branding\Basebrd\es-ES\7⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\Branding\Basebrd\fr-FR\update.exeC:\Windows\Branding\Basebrd\fr-FR\update.exe C:\Windows\Branding\Basebrd\fr-FR\7⤵
-
-
C:\Windows\Branding\Basebrd\it-IT\backup.exeC:\Windows\Branding\Basebrd\it-IT\backup.exe C:\Windows\Branding\Basebrd\it-IT\7⤵
-
-
C:\Windows\Branding\Basebrd\ja-JP\backup.exeC:\Windows\Branding\Basebrd\ja-JP\backup.exe C:\Windows\Branding\Basebrd\ja-JP\7⤵
-
-
-
C:\Windows\Branding\ShellBrd\backup.exeC:\Windows\Branding\ShellBrd\backup.exe C:\Windows\Branding\ShellBrd\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\CSC\backup.exeC:\Windows\CSC\backup.exe C:\Windows\CSC\5⤵
-
-
C:\Windows\Cursors\backup.exeC:\Windows\Cursors\backup.exe C:\Windows\Cursors\5⤵
-
-
C:\Windows\debug\backup.exeC:\Windows\debug\backup.exe C:\Windows\debug\5⤵
- Drops file in Windows directory
-
C:\Windows\debug\WIA\backup.exeC:\Windows\debug\WIA\backup.exe C:\Windows\debug\WIA\6⤵
-
-
-
C:\Windows\de-DE\backup.exeC:\Windows\de-DE\backup.exe C:\Windows\de-DE\5⤵
-
-
C:\Windows\DigitalLocker\backup.exeC:\Windows\DigitalLocker\backup.exe C:\Windows\DigitalLocker\5⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Windows\DigitalLocker\de-DE\backup.exeC:\Windows\DigitalLocker\de-DE\backup.exe C:\Windows\DigitalLocker\de-DE\6⤵
-
-
C:\Windows\DigitalLocker\en-US\backup.exeC:\Windows\DigitalLocker\en-US\backup.exe C:\Windows\DigitalLocker\en-US\6⤵
-
-
C:\Windows\DigitalLocker\es-ES\backup.exeC:\Windows\DigitalLocker\es-ES\backup.exe C:\Windows\DigitalLocker\es-ES\6⤵
-
-
C:\Windows\DigitalLocker\fr-FR\backup.exeC:\Windows\DigitalLocker\fr-FR\backup.exe C:\Windows\DigitalLocker\fr-FR\6⤵
-
-
C:\Windows\DigitalLocker\it-IT\backup.exeC:\Windows\DigitalLocker\it-IT\backup.exe C:\Windows\DigitalLocker\it-IT\6⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\DigitalLocker\ja-JP\backup.exeC:\Windows\DigitalLocker\ja-JP\backup.exe C:\Windows\DigitalLocker\ja-JP\6⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\Downloaded Program Files\backup.exe"C:\Windows\Downloaded Program Files\backup.exe" C:\Windows\Downloaded Program Files\5⤵
-
-
C:\Windows\ehome\backup.exeC:\Windows\ehome\backup.exe C:\Windows\ehome\5⤵
- Drops file in Windows directory
-
C:\Windows\ehome\CreateDisc\backup.exeC:\Windows\ehome\CreateDisc\backup.exe C:\Windows\ehome\CreateDisc\6⤵
- Drops file in Windows directory
-
C:\Windows\ehome\CreateDisc\Components\backup.exeC:\Windows\ehome\CreateDisc\Components\backup.exe C:\Windows\ehome\CreateDisc\Components\7⤵
-
C:\Windows\ehome\CreateDisc\Components\tables\backup.exeC:\Windows\ehome\CreateDisc\Components\tables\backup.exe C:\Windows\ehome\CreateDisc\Components\tables\8⤵
-
-
-
C:\Windows\ehome\CreateDisc\Filters\backup.exeC:\Windows\ehome\CreateDisc\Filters\backup.exe C:\Windows\ehome\CreateDisc\Filters\7⤵
-
-
C:\Windows\ehome\CreateDisc\SFXPlugins\backup.exeC:\Windows\ehome\CreateDisc\SFXPlugins\backup.exe C:\Windows\ehome\CreateDisc\SFXPlugins\7⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Windows\ehome\CreateDisc\SonicResources\backup.exeC:\Windows\ehome\CreateDisc\SonicResources\backup.exe C:\Windows\ehome\CreateDisc\SonicResources\7⤵
-
-
C:\Windows\ehome\CreateDisc\style\backup.exeC:\Windows\ehome\CreateDisc\style\backup.exe C:\Windows\ehome\CreateDisc\style\7⤵
-
-
C:\Windows\ehome\CreateDisc\Styles\backup.exeC:\Windows\ehome\CreateDisc\Styles\backup.exe C:\Windows\ehome\CreateDisc\Styles\7⤵
- Drops file in Windows directory
-
C:\Windows\ehome\CreateDisc\Styles\NTSC\System Restore.exe"C:\Windows\ehome\CreateDisc\Styles\NTSC\System Restore.exe" C:\Windows\ehome\CreateDisc\Styles\NTSC\8⤵
-
C:\Windows\ehome\CreateDisc\Styles\NTSC\Symphony\backup.exeC:\Windows\ehome\CreateDisc\Styles\NTSC\Symphony\backup.exe C:\Windows\ehome\CreateDisc\Styles\NTSC\Symphony\9⤵
-
-
-
-
-
C:\Windows\ehome\de-DE\System Restore.exe"C:\Windows\ehome\de-DE\System Restore.exe" C:\Windows\ehome\de-DE\6⤵
-
-
C:\Windows\ehome\en-US\backup.exeC:\Windows\ehome\en-US\backup.exe C:\Windows\ehome\en-US\6⤵
-
-
C:\Windows\ehome\es-ES\backup.exeC:\Windows\ehome\es-ES\backup.exe C:\Windows\ehome\es-ES\6⤵
- System policy modification
-
-
C:\Windows\ehome\fr-FR\backup.exeC:\Windows\ehome\fr-FR\backup.exe C:\Windows\ehome\fr-FR\6⤵
-
-
C:\Windows\ehome\it-IT\backup.exeC:\Windows\ehome\it-IT\backup.exe C:\Windows\ehome\it-IT\6⤵
-
-
-
C:\Windows\en-US\System Restore.exe"C:\Windows\en-US\System Restore.exe" C:\Windows\en-US\5⤵
-
-
C:\Windows\es-ES\data.exeC:\Windows\es-ES\data.exe C:\Windows\es-ES\5⤵
-
-
C:\Windows\Fonts\backup.exeC:\Windows\Fonts\backup.exe C:\Windows\Fonts\5⤵
- Disables RegEdit via registry modification
-
-
C:\Windows\fr-FR\backup.exeC:\Windows\fr-FR\backup.exe C:\Windows\fr-FR\5⤵
-
-
C:\Windows\Globalization\backup.exeC:\Windows\Globalization\backup.exe C:\Windows\Globalization\5⤵
- Drops file in Windows directory
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exeC:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\Low\backup.exeC:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5d22d1b0b459e72e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5d22d1b0b459e72e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..anagement.resources_31bf3856ad364e35_6.1.7601.17514_es-es_5d22d1b0b459e72e\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..bservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_87fa7a898fe0796f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..bservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_87fa7a898fe0796f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..bservices.resources_31bf3856ad364e35_6.1.7601.17514_es-es_87fa7a898fe0796f\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..es.shared.resources_31bf3856ad364e35_6.1.7601.17514_es-es_31dc778ed7dbadb0\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..es.shared.resources_31bf3856ad364e35_6.1.7601.17514_es-es_31dc778ed7dbadb0\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.activedir..es.shared.resources_31bf3856ad364e35_6.1.7601.17514_es-es_31dc778ed7dbadb0\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b30dfb1f99fa95\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b30dfb1f99fa95\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b30dfb1f99fa95\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e893ac674fdb5847\update.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e893ac674fdb5847\update.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e893ac674fdb5847\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7601.17514_es-es_eac4c02f4cc9dbe1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7601.17514_es-es_eac4c02f4cc9dbe1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_6.1.7601.17514_es-es_eac4c02f4cc9dbe1\4⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_e23875de650486d3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_e23875de650486d3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.grouppoli..t.interop.resources_31bf3856ad364e35_6.1.7601.17514_es-es_e23875de650486d3\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03e774f8a3cfd864\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03e774f8a3cfd864\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.security...icyengine.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03e774f8a3cfd864\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_es-es_ba219eb584c68561\4⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_es-es_103af8cc43d0a688\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b65fadb214ac7473\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b65fadb214ac7473\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b65fadb214ac7473\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03780b3ea2ede9ef\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03780b3ea2ede9ef\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_03780b3ea2ede9ef\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_07e11d96b1593625\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_07e11d96b1593625\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_07e11d96b1593625\4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2bdf2a1139ce5a7d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2bdf2a1139ce5a7d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2bdf2a1139ce5a7d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7f9b0c391f93b6e6\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7f9b0c391f93b6e6\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7f9b0c391f93b6e6\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a35c4d2dad059433\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a35c4d2dad059433\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a35c4d2dad059433\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bde555fd45a79eb9\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bde555fd45a79eb9\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bde555fd45a79eb9\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c94ff0f7345728e3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c94ff0f7345728e3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c94ff0f7345728e3\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.h..iverclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d621267d77d470ce\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..ermanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_acc778d1ef5e3ee3\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..ermanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_acc778d1ef5e3ee3\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..ermanager.resources_31bf3856ad364e35_6.1.7601.17514_es-es_acc778d1ef5e3ee3\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_acbf87420a757a33\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_acbf87420a757a33\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_acbf87420a757a33\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_992b92a25f851dba\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_992b92a25f851dba\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.7600.16385_es-es_992b92a25f851dba\4⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windowsdx..xperience.resources_31bf3856ad364e35_6.1.7600.16385_es-es_47ba3aee382d34b3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windowsdx..xperience.resources_31bf3856ad364e35_6.1.7600.16385_es-es_47ba3aee382d34b3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windowsdx..xperience.resources_31bf3856ad364e35_6.1.7600.16385_es-es_47ba3aee382d34b3\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6a6dae8166284ac8\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6a6dae8166284ac8\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6a6dae8166284ac8\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b202a4da037729\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b202a4da037729\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..leshooter.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e0b202a4da037729\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_06e8222b977ee0d6\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_06e8222b977ee0d6\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-helpchm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_06e8222b977ee0d6\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3ea9498b74297fac\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3ea9498b74297fac\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-events.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3ea9498b74297fac\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\update.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\update.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c2c816edcf094ba\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c2c816edcf094ba\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..l-message.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9c2c816edcf094ba\4⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6e64e1c333d9a87d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6e64e1c333d9a87d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6e64e1c333d9a87d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbac995d886cf4fd\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbac995d886cf4fd\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lprinting.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cbac995d886cf4fd\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_333aedcfb7a0ebd7\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_333aedcfb7a0ebd7\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..lsservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_333aedcfb7a0ebd7\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d60900fa278f838a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d60900fa278f838a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..migration.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d60900fa278f838a\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4a38206629c26305\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4a38206629c26305\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4a38206629c26305\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_922ed88ee5a660d1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_922ed88ee5a660d1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_6.1.7600.16385_es-es_922ed88ee5a660d1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb2f4087360ed21\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb2f4087360ed21\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndprintui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2eb2f4087360ed21\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_32a449fa7cd9b107\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_32a449fa7cd9b107\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_32a449fa7cd9b107\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7601.17514_es-es_34d55dc279c834a1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7601.17514_es-es_34d55dc279c834a1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ndservice.resources_31bf3856ad364e35_6.1.7601.17514_es-es_34d55dc279c834a1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0b32e1cbabdc002d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0b32e1cbabdc002d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-client.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0b32e1cbabdc002d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ea53b341a53f805\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ea53b341a53f805\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-oleprn.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ea53b341a53f805\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-wizard.resources_31bf3856ad364e35_6.1.7600.16385_es-es_95954cff3f008af1\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-wizard.resources_31bf3856ad364e35_6.1.7600.16385_es-es_95954cff3f008af1\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ng-wizard.resources_31bf3856ad364e35_6.1.7600.16385_es-es_95954cff3f008af1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f23478cc4df1394f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f23478cc4df1394f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..noverride.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f23478cc4df1394f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c223ab5542ecf69\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c223ab5542ecf69\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ntservice.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c223ab5542ecf69\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8397ae911b4db071\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8397ae911b4db071\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8397ae911b4db071\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3debeaf9d96546f3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3debeaf9d96546f3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onhandler.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3debeaf9d96546f3\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59ec142e647e499e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59ec142e647e499e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_59ec142e647e499e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_568a3676e9cb435f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_568a3676e9cb435f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ooler-ppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_568a3676e9cb435f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d703ce9992bb9de9\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d703ce9992bb9de9\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerbase.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d703ce9992bb9de9\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f6bb96a7ba15910c\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f6bb96a7ba15910c\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f6bb96a7ba15910c\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_154d6207d08820df\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_154d6207d08820df\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_6.1.7600.16385_es-es_154d6207d08820df\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71694d3c0758d05f\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71694d3c0758d05f\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71694d3c0758d05f\4⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c9761ceea1e3388\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c9761ceea1e3388\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c9761ceea1e3388\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_72a54dc2d9272600\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_72a54dc2d9272600\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgraphing.resources_31bf3856ad364e35_6.1.7600.16385_es-es_72a54dc2d9272600\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea5bc8b4d8e6a4d7\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea5bc8b4d8e6a4d7\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ea5bc8b4d8e6a4d7\4⤵
- Modifies visibility of file extensions in Explorer
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c6eafc8ed3c38ab2\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c6eafc8ed3c38ab2\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rolspanel.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c6eafc8ed3c38ab2\4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da4c7c5db0e22add\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da4c7c5db0e22add\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rpautoreg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_da4c7c5db0e22add\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a2e2a10f9181ebc6\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a2e2a10f9181ebc6\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a2e2a10f9181ebc6\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0fb0851370c0513\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0fb0851370c0513\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b0fb0851370c0513\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d64324541520a364\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d64324541520a364\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_d64324541520a364\4⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9ca9b40f90079c50\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9ca9b40f90079c50\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9ca9b40f90079c50\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_194039000e7ad3f0\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_194039000e7ad3f0\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_194039000e7ad3f0\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..snonwinpe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9f3fa15008a01dc3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..snonwinpe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9f3fa15008a01dc3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..snonwinpe.resources_31bf3856ad364e35_6.1.7600.16385_es-es_9f3fa15008a01dc3\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a4ec92544ecf016d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a4ec92544ecf016d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ssettings.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a4ec92544ecf016d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c651f525f5764e2f\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c651f525f5764e2f\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..st-common.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c651f525f5764e2f\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_28f920d2b604bbde\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_28f920d2b604bbde\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_28f920d2b604bbde\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0dcaa2ad5c24a80\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0dcaa2ad5c24a80\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c0dcaa2ad5c24a80\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..tcpmondll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ad25ea6a3f9f793\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..tcpmondll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ad25ea6a3f9f793\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..tcpmondll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ad25ea6a3f9f793\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..topeerdrt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_81aff0275b7ad50e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..topeerdrt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_81aff0275b7ad50e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..topeerdrt.resources_31bf3856ad364e35_6.1.7600.16385_es-es_81aff0275b7ad50e\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c108b5c831ff8a60\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c108b5c831ff8a60\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c108b5c831ff8a60\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..trols-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eccc1389986bccf5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..trols-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eccc1389986bccf5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..trols-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eccc1389986bccf5\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ac6ed8cbdf793fd9\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ac6ed8cbdf793fd9\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ui-pmcppc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ac6ed8cbdf793fd9\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e7fc600777ea8426\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e7fc600777ea8426\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e7fc600777ea8426\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c773247e275eda3\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c773247e275eda3\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p..ystem-web.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0c773247e275eda3\4⤵
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_411aa9f4b09eb749\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_411aa9f4b09eb749\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-packager.resources_31bf3856ad364e35_6.1.7600.16385_es-es_411aa9f4b09eb749\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f229efa5217029d5\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f229efa5217029d5\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_6.1.7600.16385_es-es_f229efa5217029d5\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c850f9f4dfcf38d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c850f9f4dfcf38d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_6.1.7600.16385_es-es_6c850f9f4dfcf38d\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cf2b4ab65354aace\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cf2b4ab65354aace\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_cf2b4ab65354aace\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a273bea4319a4a31\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a273bea4319a4a31\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-performance.resources_31bf3856ad364e35_6.1.7600.16385_es-es_a273bea4319a4a31\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3df9b05c2118c9ff\System Restore.exe"C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3df9b05c2118c9ff\System Restore.exe" C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoacquire.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3df9b05c2118c9ff\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e21c565bbeaf3080\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e21c565bbeaf3080\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photosamples.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e21c565bbeaf3080\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7b1f128950226b23\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7b1f128950226b23\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-photoviewer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7b1f128950226b23\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ee675112ba74f3a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ee675112ba74f3a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8ee675112ba74f3a\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_911788d92895d2d4\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_911788d92895d2d4\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnphotplugui.resources_31bf3856ad364e35_6.1.7601.17514_es-es_911788d92895d2d4\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_574d9547b649a60b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_574d9547b649a60b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_6.1.7600.16385_es-es_574d9547b649a60b\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2cde09294fddea9b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2cde09294fddea9b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_6.1.7600.16385_es-es_2cde09294fddea9b\4⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_24bc52f18237beed\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_24bc52f18237beed\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_24bc52f18237beed\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_6.1.7600.16385_es-es_386df6d3cff9c365\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_6.1.7600.16385_es-es_386df6d3cff9c365\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_6.1.7600.16385_es-es_386df6d3cff9c365\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4ca151a686554f1\data.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4ca151a686554f1\data.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c4ca151a686554f1\4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84baad62842af330\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84baad62842af330\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-powercfg.resources_31bf3856ad364e35_6.1.7600.16385_es-es_84baad62842af330\4⤵
- Power Settings
-
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000007\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000008\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000009\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000a\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000b\3⤵
- Modifies visibility of file extensions in Explorer
- System policy modification
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000c\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000d\3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\backup.exeC:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\backup.exe C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-0000000e\3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exeC:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\VBE\backup.exeC:\Users\Admin\AppData\Local\Temp\VBE\backup.exe C:\Users\Admin\AppData\Local\Temp\VBE\2⤵
- Disables RegEdit via registry modification
-
-
C:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exeC:\Users\Admin\AppData\Local\Temp\WPDNSE\backup.exe C:\Users\Admin\AppData\Local\Temp\WPDNSE\2⤵
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD502df822efa40bf03b0dbe52b225febca
SHA15574e46486e6e09690bee8f90e65459619719133
SHA256f64f22e3dd4a6839fd0330758e7d10bb1dece8e7da18b87e706080d03b5755f8
SHA51295ea5a5191a0bc924643c3828a5d148718608ba4e454e78fb435af53b120735d9279c696488017e5ac6a6498bfaa45b1427fd63bb660430bda3ca9e291cc51d6
-
Filesize
34KB
MD5ea2f6bbc2b69a3e26a5750a7bbec13e7
SHA12da8a4dfcff9d8653513cbe5774588b5d0a4f123
SHA2564b19d57c97d0992aca4e9b9aefa3a485c6e0f40197d15b98ceab929d3e6e1698
SHA512b181b972fe81d32a5a4be922f4d29082778d9c9b8ae4b5a048aea1c38c4ebfe3942d94d7fac8e06e599c0688b5c925430fec53b1c35462d2e75bd1b57522e4c7
-
Filesize
22B
MD576cdb2bad9582d23c1f6f4d868218d6c
SHA1b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA2568739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA5125e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
-
Filesize
60KB
MD573e7e99c05ea9822d04cec4a19c25724
SHA100c671ee559e7d7d8e8f860d53ea220e1fb291a1
SHA25661658936ba0d8b3d23dc42c0184f91a30b90c169a9df247b6533e9607697a2e0
SHA5120cf29b044446b4c971dd28c633540f9cce1f6ca53a4fdb8aff3d3728a1162a4eebb6db76cc14ab817642b6ad610e7ca5082a36a866fc0322c5e9e805b56d7dc9
-
Filesize
60KB
MD569028eabe843ce063de5b40867652c07
SHA13c1fa13dadd3446e4564e142c3e04b457b7a9112
SHA256e44156ab14e03387c63ad04719cce5ab39ce2c6f267d7800e002c2f43fac1bd9
SHA5127a5f107c90049ebc9c6283f242ce1219f2b975cf784053123f092fdd7abcf303beb198ac4258b79e1cd9f4411207f8f41d3210468b8bbcd5c90412597f85381b
-
Filesize
60KB
MD52d179968582ac511adc520cc77158b36
SHA17918737db6e4c38afd7cb98f41ba21380edae34e
SHA2561aea5174881766f4731a900edc315dbdcf5285e3a8611bd7a178f06e38176272
SHA5128535671d56770f6b2f281dfa17c4d5d2dcc8746d94a2d7e1930a9602a3cfd0142c51ccbd5465482f8e492fb8b525cfc3fbea29c4fc3e210840fcdd4d56c89152
-
Filesize
60KB
MD522fc88df7ef16f17e158378c2bd738c7
SHA19c20cb1c9db1f02838d18cfc519fe514e21792dc
SHA25627e3b784469d4d97de01e84500e7daa95f07f5cbdedabe14e55fd63f4f0afe0c
SHA512f00a5096b4966afb41f9e9d4c4e0707572b1abff6768bf3fa8d6ed6b7f82644a5a6fc6f8b198ef4a3ce09861e6436ce9fc880d57422abb8e445b6545f8799342
-
Filesize
60KB
MD5eb64efce3d60b3793c8f77ea7515d1ca
SHA1438fe2c6c2b133cfc4bd3d2d284352c4df9b25e4
SHA25611bb9eb4ee7c5053887de479f6e5c19b04a311f3d648f336346fc08ac7b2b573
SHA512a137fa99230b950ec63a7e251a398b487310e7dde854b007b1fae88a09e8900f513ad42a07586b429dec20f8a93634c9e5a654aef0110ce5346a1896727c0fa1
-
Filesize
60KB
MD598c8263c3bad5906e0799f63247057bb
SHA13bcec58af82df14cd4f243793246ed7ba9995281
SHA256701e571b3f514e06163f3f7249e3b335ddfd3f2ad316cc77a38497b01f6516d0
SHA512010df4a7fcb753d54ae1582bc01506364267358827c980fe10c6ce5bd617d355bf6957b54d0e731d802b132fd18b88597388890807411392723b64bf9c6a2da5
-
Filesize
60KB
MD5dbf4eee3372da214cbbea6edeb4abf58
SHA1df1ffa1f3b12ba79a0b79fd5428b7b921157aec3
SHA2563b96ff05ca4e14c2574b29a11c7646e1c0035024c8df737ee2f4ef212b230220
SHA5122f39820f835229053a9a8326c300ef8dd37cdbee0c97136e2e681467f26be0ef1e6b2c78390de058aa70676a1cebfbf359f88aeaa2a60b4a3950b08ef39b0b7e
-
Filesize
60KB
MD569eba74b2e06a760cc4b6e790754e754
SHA18c4ede4b88ebbb72b84a388de9d31bd6bcf532d6
SHA25637dc877b92062438202421e3b6b1e093e5d119d46d28a1d3534f60431b146bfe
SHA512bee4c7daf708310f7c53b69a9d41376fa546ef84eff70a03ce91f78967d36f140dba379411c5984d94017547543dbced0c6379ce18e03b73760f5ad80169f522
-
Filesize
60KB
MD5b24a32150ca29e4245169613cd33b446
SHA124082cd375d69ab1d9e25b1e4fb1cfadeaa2cbfb
SHA25696559dfed853a64392011db5338325a829b76f9cc4fde287faee0be02010b541
SHA51245f325e39cf2d93dfddf2b0224562f3c55b149cb5b6193fccfa021a7084a06fdbc91f82f5eccf0965c4099cdebfd3c8daa231c0ba158932c1fe6d60e915d18bb
-
Filesize
60KB
MD50f2db1826e7ea0ab00fdd71f89cc7d61
SHA14695452fffa3868ad8a4103acd26d435f1cc4acf
SHA25615a4c5d1f5bdce18ecabea29ebd142d0a9fe0f73efaeb9cff4c114bfec3fe468
SHA512d8e8fac37f2f94c987f60dc02d2ad651185994768bbfc9460a10f538b14749de2fb187f8582f0a8b0c3ff30d6552056ac22f7a42df1aed941565c51654e549c4
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB