Analysis Overview
SHA256
2e402d9779e3b3399479a69016a0912d2b5f705f33c2aa98dd2c819ac0829e28
Threat Level: Known bad
The file 17-10-2024__20.rar was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
MyDoom
Mydoom family
Detects MyDoom family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Deletes itself
Checks installed software on the system
Adds Run key to start application
Maps connected drives based on registry
Network Share Discovery
UPX packed file
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Event Triggered Execution: Accessibility Features
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Program crash
Unsigned PE
System Location Discovery: System Language Discovery
NSIS installer
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of UnmapMainImage
Suspicious behavior: MapViewOfSection
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
System policy modification
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-16 22:34
Signatures
UPX packed file
Unsigned PE
NSIS installer
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{f4t8gf8r786tv76y6-45850o-eg8t4r98f7r8188} = "C:\\Users\\Admin\\AppData\\Local\\Temp\\17-10-2024 #20\\assemblychange.exe" | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.gunnylaumienphi2017.com | udp |
| VN | 103.92.25.194:443 | www.gunnylaumienphi2017.com | tcp |
| US | 8.8.8.8:53 | 194.25.92.103.in-addr.arpa | udp |
| VN | 103.92.25.194:443 | www.gunnylaumienphi2017.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:34
Platform
win10v2004-20241007-en
Max time kernel
0s
Max time network
1s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 52.191.219.104:443 | N/A | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
134s
Max time network
140s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious use of UnmapMainImage
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3228 -ip 3228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\c4cfbe60
| MD5 | c0022e058e3944aecadabafd07ee0e69 |
| SHA1 | 60ea6b17ee1185f20ccd4e61ff65991b343c0722 |
| SHA256 | 54694c14dd11001c69c546124173393a1e9ae235309afcbe44ae357064345aaa |
| SHA512 | b128bf855392e30162d35952e28dbd240cb9bb121c920f310cbb2329a3ae5e21be3ee4fef9e4ea6dd2e8e0ff2b709c96ed32558db89b086e60d84be2d4520bff |
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.stylezip.info | udp |
| US | 8.8.8.8:53 | c1.stylezip.info | udp |
| US | 8.8.8.8:53 | c2.stylemy.info | udp |
| US | 8.8.8.8:53 | r2.stylemy.info | udp |
Files
\Users\Admin\AppData\Local\Temp\Tsu4ECCFB23.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
\Users\Admin\AppData\Local\Temp\{5F19B156-FDA4-430D-A1E6-B58684FA93A0}\_Setup.dll
| MD5 | 03c0118365077ca9ab839b7fa3d961fe |
| SHA1 | d201e52c3e25bda0e7cde1371527f3f24b365b2c |
| SHA256 | 9b7f1db242c5377628c02229acf7f930b53848aba9fb5e6b03bd9846d493bb4e |
| SHA512 | 9625c2e172705e582b6f54c336ff7245cd60e71b9ada6f2370fb3932d218c95411970a18d198b0a64b8c41dc7bb723ab007503d817a9794e88d9a0f063e1f9be |
\Users\Admin\AppData\Local\Temp\{5F19B156-FDA4-430D-A1E6-B58684FA93A0}\Custom.dll
| MD5 | 0edf27eff845a13f2202d3a9052e754b |
| SHA1 | 5a80cc0c2fb645817da0b18df5444d634c31667a |
| SHA256 | b5aa66dba46922adfebc057650f8df0bb6dc8b6048f6d86be7cf0a55722b4054 |
| SHA512 | 653fa430bb81d067be71aa8a846265b75aa63d88cfe08c2c174168f9dd99d9dd835384bf0b6afb836247bd91c0cffd1364f78241934d090a04f9f3469a6939b2 |
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
142s
Command Line
Signatures
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 552 -ip 552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 1116
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\{f4t8gf8r786tv76y6-45850o-eg8t4r98f7r8188} = "C:\\Users\\Admin\\AppData\\Local\\Temp\\17-10-2024 #20\\assemblychange.exe" | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\assemblychange.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gunnylaumienphi2017.com | udp |
| VN | 103.92.25.194:443 | www.gunnylaumienphi2017.com | tcp |
| VN | 103.92.25.194:443 | www.gunnylaumienphi2017.com | tcp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
140s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\TSULoader.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.stylezip.info | udp |
| US | 8.8.8.8:53 | c1.stylezip.info | udp |
| US | 8.8.8.8:53 | r2.stylemy.info | udp |
| US | 8.8.8.8:53 | c2.stylemy.info | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c1.stylezip.info | udp |
| US | 8.8.8.8:53 | c2.stylemy.info | udp |
| US | 8.8.8.8:53 | c1.stylezip.info | udp |
| US | 8.8.8.8:53 | c2.stylemy.info | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Tsu304972CA.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
C:\Users\Admin\AppData\Local\Temp\{DF77DE3F-0809-45F3-A718-402B0494FCC9}\_Setup.dll
| MD5 | 03c0118365077ca9ab839b7fa3d961fe |
| SHA1 | d201e52c3e25bda0e7cde1371527f3f24b365b2c |
| SHA256 | 9b7f1db242c5377628c02229acf7f930b53848aba9fb5e6b03bd9846d493bb4e |
| SHA512 | 9625c2e172705e582b6f54c336ff7245cd60e71b9ada6f2370fb3932d218c95411970a18d198b0a64b8c41dc7bb723ab007503d817a9794e88d9a0f063e1f9be |
C:\Users\Admin\AppData\Local\Temp\{DF77DE3F-0809-45F3-A718-402B0494FCC9}\Custom.dll
| MD5 | 0edf27eff845a13f2202d3a9052e754b |
| SHA1 | 5a80cc0c2fb645817da0b18df5444d634c31667a |
| SHA256 | b5aa66dba46922adfebc057650f8df0bb6dc8b6048f6d86be7cf0a55722b4054 |
| SHA512 | 653fa430bb81d067be71aa8a846265b75aa63d88cfe08c2c174168f9dd99d9dd835384bf0b6afb836247bd91c0cffd1364f78241934d090a04f9f3469a6939b2 |
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\UtilMan.exe"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | os.baixakialtcdn.com | udp |
| US | 8.8.8.8:53 | dl.cdn.baixaki.com.br | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | www.baixaki.com.br | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 216.58.201.98:80 | www.googletagservices.com | tcp |
| GB | 142.250.180.2:80 | partner.googleadservices.com | tcp |
| GB | 216.58.201.98:443 | www.googletagservices.com | tcp |
| GB | 179.191.165.65:80 | www.baixaki.com.br | tcp |
| GB | 179.191.165.65:80 | www.baixaki.com.br | tcp |
| GB | 179.191.165.65:443 | www.baixaki.com.br | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | os2.baixakialtcdn.com | udp |
| US | 8.8.8.8:53 | rp.baixakialtcdn.com | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
Files
| SHA1 | 787aeda3eee8053705fb208a6b399b8340820b82 |
| SHA256 | 6e6b964fd79b4a3461f128e2ed145b9b641d108b8616695f36387661cae995bb |
| SHA512 | 0159aca0c2a49393fd91acd4b6819217e67f8fd01e220297eb3e0fdd8132fad794fc317f5cc5e2b761d4123da71478b97df776908de6740eb6d54187c6c00754 |
C:\Users\Admin\AppData\Local\Temp\ish259442595\locale\ES.locale
| MD5 | 2fdabf60db133e5a35b708ae152ab377 |
| SHA1 | c1052419d3f7640d6f800b470190df29c79aff4a |
| SHA256 | 1142c1bb69d221869bb3a04fc19f86e6a5b4b6ffafcbe2224aac5705a9492ce2 |
| SHA512 | b47339a11abc18aea7bc5eb3d80ea055702464f1cdbfeb16459134824f7423b91bb994d93ac85a1f8a5dcaa6c965227a808f08ee10031c337337e2bc291b58b7 |
memory/2356-154-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-166-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-167-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-168-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-169-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-171-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-178-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-180-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-181-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-182-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-186-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-200-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-201-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-205-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-207-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-209-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-211-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-212-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-213-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-214-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-215-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-216-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-218-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-219-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-217-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-221-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-223-0x0000000001D10000-0x0000000001E56000-memory.dmp
memory/2356-222-0x0000000001D10000-0x0000000001E56000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
117s
Max time network
121s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3012 wrote to memory of 2996 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
147s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3900 wrote to memory of 2652 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe"
C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe
C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe /sfxv:3.1
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
146s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe"
Network
Files
memory/2988-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2988-1-0x0000000000400000-0x000000000040A000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
34s
Max time network
158s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Internet Explorer\ja-JP\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\host\fxr\7.0.16\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\System\de-DE\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\update.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\appcompat\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jdk-1.8\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Internet Explorer\uk-UA\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\apppatch\fr-FR\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\update.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jre-1.8\lib\cmm\System Restore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\System\es-ES\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\it-IT\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jdk-1.8\jre\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\host\data.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\microsoft shared\ink\he-IL\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\VC\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\libs\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\backup.exe | N/A |
Executes dropped EXE
Network Share Discovery
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\backup.exe | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\backup.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\data.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe | C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\backup.exe | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe | C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\da-DK\data.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\es-MX\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\nb-NO\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\backup.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System Restore.exe | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe | C:\Program Files\Common Files\microsoft shared\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\backup.exe | C:\Program Files\Common Files\System\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\it-IT\update.exe | C:\Program Files\Common Files\System\Ole DB\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe | C:\Program Files\Common Files\System\Ole DB\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\backup.exe | C:\Program Files\Common Files\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Services\System Restore.exe | C:\Program Files\Common Files\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\update.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\update.exe | C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\de-DE\data.exe | C:\Program Files\Internet Explorer\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Acrobat\data.exe | C:\Program Files (x86)\Common Files\Adobe\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | C:\Program Files\Common Files\microsoft shared\backup.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\backup.exe | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\fr-FR\backup.exe | C:\Program Files\Common Files\System\ado\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\jdk\backup.exe | C:\Program Files\Java\jre-1.8\legal\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\backup.exe | C:\Program Files\Java\jdk-1.8\backup.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\backup.exe | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\System Restore.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\backup.exe | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\update.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\backup.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\backup.exe | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\System Restore.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe | C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\data.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\backup.exe | C:\Program Files\7-Zip\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe | C:\Program Files\Common Files\microsoft shared\backup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\apppatch\ja-JP\update.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Extensibility\update.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\fr-FR\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\System Restore.exe | C:\Windows\assembly\GAC\mscomctl\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\ADODB\backup.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\appcompat\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\es-ES\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\mscomctl\backup.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\backup.exe | C:\backup.exe | N/A |
| File opened for modification | C:\Windows\appcompat\encapsulation\backup.exe | C:\Windows\appcompat\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\Custom\Custom64\backup.exe | C:\Windows\apppatch\Custom\backup.exe | N/A |
| File opened for modification | C:\Windows\appcompat\appraiser\Telemetry\backup.exe | C:\Windows\appcompat\appraiser\backup.exe | N/A |
| File opened for modification | C:\Windows\appcompat\Programs\backup.exe | C:\Windows\appcompat\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\CustomSDB\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\de-DE\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\en-US\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\it-IT\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\backup.exe | C:\Windows\assembly\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | C:\Windows\assembly\GAC\ADODB\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\update.exe | C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe | N/A |
| File opened for modification | C:\Windows\addins\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\appcompat\appraiser\backup.exe | C:\Windows\appcompat\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\AppPatch64\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\apppatch\Custom\backup.exe | C:\Windows\apppatch\backup.exe | N/A |
| File opened for modification | C:\Windows\AppReadiness\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | C:\Windows\assembly\GAC\Extensibility\update.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Explore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\microsoft shared\VGX\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Internet Explorer\fr-FR\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk-1.8\jre\lib\management\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Internet Explorer\fr-FR\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\update.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk-1.8\jre\lib\ext\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\update.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Users\Public\Videos\update.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\microsoft shared\ink\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\data.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\System Restore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk-1.8\jre\bin\server\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Public\Pictures\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\System\ja-JP\System Restore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Common Files\Java\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Windows\apppatch\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System Restore.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jre-1.8\legal\jdk\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Users\Admin\Pictures\Saved Pictures\data.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Users\Public\Music\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Crashpad\reports\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk-1.8\jre\lib\applet\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Windows\apppatch\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\System\msadc\it-IT\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\update.exe | N/A |
Processes
C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\nl-NL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\nl-NL\
C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\pl-PL\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pl-PL\
C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\pt-BR\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-BR\
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\pt-PT\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\pt-PT\
C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\ro-RO\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ro-RO\
C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\ru-RU\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\ru-RU\
C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\sk-SK\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sk-SK\
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\sl-SI\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sl-SI\
C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\sv-SE\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\sv-SE\
C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\th-TH\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\th-TH\
C:\Program Files\Common Files\microsoft shared\ink\tr-TR\update.exe
"C:\Program Files\Common Files\microsoft shared\ink\tr-TR\update.exe" C:\Program Files\Common Files\microsoft shared\ink\tr-TR\
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\uk-UA\
C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\zh-CN\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-CN\
C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe
"C:\Program Files\Common Files\microsoft shared\ink\zh-TW\backup.exe" C:\Program Files\Common Files\microsoft shared\ink\zh-TW\
C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\
C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\
C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\update.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\update.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\
C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\
C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\
C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\backup.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\backup.exe" C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\
C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe
"C:\Program Files\Common Files\microsoft shared\OFFICE16\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe
"C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\backup.exe" C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\
C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe
"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\backup.exe" C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\
C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe
"C:\Program Files\Common Files\microsoft shared\Source Engine\backup.exe" C:\Program Files\Common Files\microsoft shared\Source Engine\
C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe
"C:\Program Files\Common Files\microsoft shared\Stationery\backup.exe" C:\Program Files\Common Files\microsoft shared\Stationery\
C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe
"C:\Program Files\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\
C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe
"C:\Program Files\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files\Common Files\microsoft shared\TextConv\en-US\
C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe
"C:\Program Files\Common Files\microsoft shared\Triedit\backup.exe" C:\Program Files\Common Files\microsoft shared\Triedit\
C:\Program Files\Common Files\microsoft shared\Triedit\en-US\data.exe
"C:\Program Files\Common Files\microsoft shared\Triedit\en-US\data.exe" C:\Program Files\Common Files\microsoft shared\Triedit\en-US\
C:\Program Files\Common Files\microsoft shared\VC\backup.exe
"C:\Program Files\Common Files\microsoft shared\VC\backup.exe" C:\Program Files\Common Files\microsoft shared\VC\
C:\Program Files\Common Files\microsoft shared\VGX\backup.exe
"C:\Program Files\Common Files\microsoft shared\VGX\backup.exe" C:\Program Files\Common Files\microsoft shared\VGX\
C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe
"C:\Program Files\Common Files\microsoft shared\VSTO\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe
"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe
"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe" C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\
C:\Program Files\Common Files\Services\System Restore.exe
"C:\Program Files\Common Files\Services\System Restore.exe" C:\Program Files\Common Files\Services\
C:\Program Files\Common Files\System\backup.exe
"C:\Program Files\Common Files\System\backup.exe" C:\Program Files\Common Files\System\
C:\Program Files\Common Files\System\ado\backup.exe
"C:\Program Files\Common Files\System\ado\backup.exe" C:\Program Files\Common Files\System\ado\
C:\Program Files\Common Files\System\ado\de-DE\backup.exe
"C:\Program Files\Common Files\System\ado\de-DE\backup.exe" C:\Program Files\Common Files\System\ado\de-DE\
C:\Program Files\Common Files\System\ado\en-US\System Restore.exe
"C:\Program Files\Common Files\System\ado\en-US\System Restore.exe" C:\Program Files\Common Files\System\ado\en-US\
C:\Program Files\Common Files\System\ado\es-ES\backup.exe
"C:\Program Files\Common Files\System\ado\es-ES\backup.exe" C:\Program Files\Common Files\System\ado\es-ES\
C:\Program Files\Common Files\System\ado\fr-FR\backup.exe
"C:\Program Files\Common Files\System\ado\fr-FR\backup.exe" C:\Program Files\Common Files\System\ado\fr-FR\
C:\Program Files\Common Files\System\ado\it-IT\data.exe
"C:\Program Files\Common Files\System\ado\it-IT\data.exe" C:\Program Files\Common Files\System\ado\it-IT\
C:\Program Files\Common Files\System\ado\ja-JP\backup.exe
"C:\Program Files\Common Files\System\ado\ja-JP\backup.exe" C:\Program Files\Common Files\System\ado\ja-JP\
C:\Program Files\Common Files\System\de-DE\backup.exe
"C:\Program Files\Common Files\System\de-DE\backup.exe" C:\Program Files\Common Files\System\de-DE\
C:\Program Files\Common Files\System\en-US\backup.exe
"C:\Program Files\Common Files\System\en-US\backup.exe" C:\Program Files\Common Files\System\en-US\
C:\Program Files\Common Files\System\es-ES\backup.exe
"C:\Program Files\Common Files\System\es-ES\backup.exe" C:\Program Files\Common Files\System\es-ES\
C:\Program Files\Common Files\System\fr-FR\backup.exe
"C:\Program Files\Common Files\System\fr-FR\backup.exe" C:\Program Files\Common Files\System\fr-FR\
C:\Program Files\Common Files\System\it-IT\backup.exe
"C:\Program Files\Common Files\System\it-IT\backup.exe" C:\Program Files\Common Files\System\it-IT\
C:\Program Files\Common Files\System\ja-JP\System Restore.exe
"C:\Program Files\Common Files\System\ja-JP\System Restore.exe" C:\Program Files\Common Files\System\ja-JP\
C:\Program Files\Common Files\System\msadc\System Restore.exe
"C:\Program Files\Common Files\System\msadc\System Restore.exe" C:\Program Files\Common Files\System\msadc\
C:\Program Files\Common Files\System\msadc\de-DE\backup.exe
"C:\Program Files\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files\Common Files\System\msadc\de-DE\
C:\Program Files\Common Files\System\msadc\en-US\backup.exe
"C:\Program Files\Common Files\System\msadc\en-US\backup.exe" C:\Program Files\Common Files\System\msadc\en-US\
C:\Program Files\Common Files\System\msadc\es-ES\backup.exe
"C:\Program Files\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files\Common Files\System\msadc\es-ES\
C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe
"C:\Program Files\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files\Common Files\System\msadc\fr-FR\
C:\Program Files\Common Files\System\msadc\it-IT\backup.exe
"C:\Program Files\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files\Common Files\System\msadc\it-IT\
C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe
"C:\Program Files\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files\Common Files\System\msadc\ja-JP\
C:\Program Files\Common Files\System\Ole DB\backup.exe
"C:\Program Files\Common Files\System\Ole DB\backup.exe" C:\Program Files\Common Files\System\Ole DB\
C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe
"C:\Program Files\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files\Common Files\System\Ole DB\de-DE\
C:\Program Files (x86)\backup.exe
"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe
"C:\Program Files\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files\Common Files\System\Ole DB\en-US\
C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe
"C:\Program Files\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files\Common Files\System\Ole DB\es-ES\
C:\Program Files (x86)\Adobe\backup.exe
"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe
"C:\Program Files\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files\Common Files\System\Ole DB\fr-FR\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\
C:\Program Files\Crashpad\backup.exe
"C:\Program Files\Crashpad\backup.exe" C:\Program Files\Crashpad\
C:\Program Files\Common Files\System\Ole DB\it-IT\update.exe
"C:\Program Files\Common Files\System\Ole DB\it-IT\update.exe" C:\Program Files\Common Files\System\Ole DB\it-IT\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
C:\Program Files\Crashpad\attachments\backup.exe
"C:\Program Files\Crashpad\attachments\backup.exe" C:\Program Files\Crashpad\attachments\
C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe
"C:\Program Files\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files\Common Files\System\Ole DB\ja-JP\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\
C:\Program Files\Crashpad\reports\backup.exe
"C:\Program Files\Crashpad\reports\backup.exe" C:\Program Files\Crashpad\reports\
C:\Program Files\Common Files\System\uk-UA\backup.exe
"C:\Program Files\Common Files\System\uk-UA\backup.exe" C:\Program Files\Common Files\System\uk-UA\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\
C:\Program Files\dotnet\backup.exe
"C:\Program Files\dotnet\backup.exe" C:\Program Files\dotnet\
C:\Program Files\dotnet\host\data.exe
"C:\Program Files\dotnet\host\data.exe" C:\Program Files\dotnet\host\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\
C:\Program Files\dotnet\host\fxr\backup.exe
"C:\Program Files\dotnet\host\fxr\backup.exe" C:\Program Files\dotnet\host\fxr\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\
C:\Program Files\dotnet\host\fxr\6.0.27\backup.exe
"C:\Program Files\dotnet\host\fxr\6.0.27\backup.exe" C:\Program Files\dotnet\host\fxr\6.0.27\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\
C:\Program Files\dotnet\host\fxr\7.0.16\backup.exe
"C:\Program Files\dotnet\host\fxr\7.0.16\backup.exe" C:\Program Files\dotnet\host\fxr\7.0.16\
C:\Program Files\dotnet\host\fxr\8.0.2\backup.exe
"C:\Program Files\dotnet\host\fxr\8.0.2\backup.exe" C:\Program Files\dotnet\host\fxr\8.0.2\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\
C:\Program Files\dotnet\shared\backup.exe
"C:\Program Files\dotnet\shared\backup.exe" C:\Program Files\dotnet\shared\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\backup.exe" C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\data.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\data.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\data.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\backup.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\backup.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\data.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\data.exe
"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\data.exe" C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\
C:\Program Files\Java\jdk-1.8\jre\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\backup.exe" C:\Program Files\Java\jdk-1.8\jre\
C:\Users\Admin\Pictures\backup.exe
C:\Users\Admin\Pictures\backup.exe C:\Users\Admin\Pictures\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\
C:\Users\Admin\Pictures\Camera Roll\data.exe
"C:\Users\Admin\Pictures\Camera Roll\data.exe" C:\Users\Admin\Pictures\Camera Roll\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\
C:\Program Files\Java\jdk-1.8\jre\bin\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\
C:\Users\Admin\Pictures\Saved Pictures\data.exe
"C:\Users\Admin\Pictures\Saved Pictures\data.exe" C:\Users\Admin\Pictures\Saved Pictures\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\
C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\System Restore.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\System Restore.exe" C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\
C:\Users\Admin\Saved Games\backup.exe
"C:\Users\Admin\Saved Games\backup.exe" C:\Users\Admin\Saved Games\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\
C:\Program Files\Java\jdk-1.8\jre\bin\server\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\server\backup.exe" C:\Program Files\Java\jdk-1.8\jre\bin\server\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\
C:\Users\Admin\Searches\System Restore.exe
"C:\Users\Admin\Searches\System Restore.exe" C:\Users\Admin\Searches\
C:\Program Files\Java\jdk-1.8\jre\legal\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\legal\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\
C:\Users\Admin\Videos\backup.exe
C:\Users\Admin\Videos\backup.exe C:\Users\Admin\Videos\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\data.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\data.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\legal\javafx\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\javafx\
C:\Users\Public\backup.exe
C:\Users\Public\backup.exe C:\Users\Public\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\legal\jdk\backup.exe" C:\Program Files\Java\jdk-1.8\jre\legal\jdk\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\
C:\Users\Public\Documents\backup.exe
C:\Users\Public\Documents\backup.exe C:\Users\Public\Documents\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\update.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\update.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\
C:\Users\Public\Downloads\data.exe
C:\Users\Public\Downloads\data.exe C:\Users\Public\Downloads\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\
C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\
C:\Users\Public\Music\backup.exe
C:\Users\Public\Music\backup.exe C:\Users\Public\Music\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\
C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\amd64\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\
C:\Program Files\Java\jdk-1.8\jre\lib\applet\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\applet\
C:\Users\Public\Pictures\backup.exe
C:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\
C:\Users\Public\Videos\update.exe
C:\Users\Public\Videos\update.exe C:\Users\Public\Videos\
C:\Program Files\Java\jdk-1.8\jre\lib\cmm\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\cmm\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe
"C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\backup.exe" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\deploy\
C:\Windows\backup.exe
C:\Windows\backup.exe C:\Windows\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\
C:\Windows\addins\backup.exe
C:\Windows\addins\backup.exe C:\Windows\addins\
C:\Program Files\Java\jdk-1.8\jre\lib\ext\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\ext\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\ext\
C:\Program Files (x86)\Common Files\Java\backup.exe
"C:\Program Files (x86)\Common Files\Java\backup.exe" C:\Program Files (x86)\Common Files\Java\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\
C:\Windows\appcompat\backup.exe
C:\Windows\appcompat\backup.exe C:\Windows\appcompat\
C:\Program Files\Java\jdk-1.8\jre\lib\fonts\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\fonts\
C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\backup.exe" C:\Program Files (x86)\Common Files\Java\Java Update\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\
C:\Windows\appcompat\appraiser\backup.exe
C:\Windows\appcompat\appraiser\backup.exe C:\Windows\appcompat\appraiser\
C:\Program Files\Java\jdk-1.8\jre\lib\images\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\images\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\images\
C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\
C:\Windows\appcompat\appraiser\Telemetry\backup.exe
C:\Windows\appcompat\appraiser\Telemetry\backup.exe C:\Windows\appcompat\appraiser\Telemetry\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\
C:\Windows\appcompat\encapsulation\backup.exe
C:\Windows\appcompat\encapsulation\backup.exe C:\Windows\appcompat\encapsulation\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Program Files\Java\jdk-1.8\jre\lib\jfr\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\jfr\
C:\Windows\appcompat\Programs\backup.exe
C:\Windows\appcompat\Programs\backup.exe C:\Windows\appcompat\Programs\
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\
C:\Program Files\Java\jdk-1.8\jre\lib\management\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\management\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\management\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\
C:\Windows\apppatch\backup.exe
C:\Windows\apppatch\backup.exe C:\Windows\apppatch\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\
C:\Windows\apppatch\AppPatch64\backup.exe
C:\Windows\apppatch\AppPatch64\backup.exe C:\Windows\apppatch\AppPatch64\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\
C:\Program Files\Java\jdk-1.8\jre\lib\security\update.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\security\update.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\
C:\Windows\apppatch\Custom\backup.exe
C:\Windows\apppatch\Custom\backup.exe C:\Windows\apppatch\Custom\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\
C:\Windows\apppatch\Custom\Custom64\backup.exe
C:\Windows\apppatch\Custom\Custom64\backup.exe C:\Windows\apppatch\Custom\Custom64\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\backup.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\backup.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\
C:\Windows\apppatch\CustomSDB\backup.exe
C:\Windows\apppatch\CustomSDB\backup.exe C:\Windows\apppatch\CustomSDB\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\update.exe
"C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\update.exe" C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\
C:\Windows\apppatch\de-DE\backup.exe
C:\Windows\apppatch\de-DE\backup.exe C:\Windows\apppatch\de-DE\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\
C:\Program Files\Java\jdk-1.8\legal\backup.exe
"C:\Program Files\Java\jdk-1.8\legal\backup.exe" C:\Program Files\Java\jdk-1.8\legal\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\
C:\Windows\apppatch\en-US\backup.exe
C:\Windows\apppatch\en-US\backup.exe C:\Windows\apppatch\en-US\
C:\Program Files\Java\jdk-1.8\legal\javafx\backup.exe
"C:\Program Files\Java\jdk-1.8\legal\javafx\backup.exe" C:\Program Files\Java\jdk-1.8\legal\javafx\
C:\Windows\apppatch\es-ES\backup.exe
C:\Windows\apppatch\es-ES\backup.exe C:\Windows\apppatch\es-ES\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\update.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\update.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\
C:\Program Files\Java\jdk-1.8\legal\jdk\backup.exe
"C:\Program Files\Java\jdk-1.8\legal\jdk\backup.exe" C:\Program Files\Java\jdk-1.8\legal\jdk\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\System Restore.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\
C:\Windows\apppatch\fr-FR\backup.exe
C:\Windows\apppatch\fr-FR\backup.exe C:\Windows\apppatch\fr-FR\
C:\Windows\apppatch\it-IT\backup.exe
C:\Windows\apppatch\it-IT\backup.exe C:\Windows\apppatch\it-IT\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\
C:\Program Files\Java\jdk-1.8\lib\backup.exe
"C:\Program Files\Java\jdk-1.8\lib\backup.exe" C:\Program Files\Java\jdk-1.8\lib\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\
C:\Windows\apppatch\ja-JP\update.exe
C:\Windows\apppatch\ja-JP\update.exe C:\Windows\apppatch\ja-JP\
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\
C:\Program Files\Java\jre-1.8\backup.exe
"C:\Program Files\Java\jre-1.8\backup.exe" C:\Program Files\Java\jre-1.8\
C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\
C:\Windows\AppReadiness\backup.exe
C:\Windows\AppReadiness\backup.exe C:\Windows\AppReadiness\
C:\Program Files\Java\jre-1.8\bin\backup.exe
"C:\Program Files\Java\jre-1.8\bin\backup.exe" C:\Program Files\Java\jre-1.8\bin\
C:\Program Files\Java\jre-1.8\bin\dtplugin\backup.exe
"C:\Program Files\Java\jre-1.8\bin\dtplugin\backup.exe" C:\Program Files\Java\jre-1.8\bin\dtplugin\
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\
C:\Windows\assembly\backup.exe
C:\Windows\assembly\backup.exe C:\Windows\assembly\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\
C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe
C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\
C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\
C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\
C:\Windows\assembly\GAC_32\System.EnterpriseServices\backup.exe
C:\Windows\assembly\GAC_32\System.EnterpriseServices\backup.exe C:\Windows\assembly\GAC_32\System.EnterpriseServices\
C:\Program Files (x86)\Common Files\System\msadc\System Restore.exe
"C:\Program Files (x86)\Common Files\System\msadc\System Restore.exe" C:\Program Files (x86)\Common Files\System\msadc\
C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\
C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\update.exe
"C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\update.exe" C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\
C:\Windows\assembly\GAC_32\System.Printing\backup.exe
C:\Windows\assembly\GAC_32\System.Printing\backup.exe C:\Windows\assembly\GAC_32\System.Printing\
C:\Program Files\Microsoft Office\root\Office16\1036\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\1036\backup.exe" C:\Program Files\Microsoft Office\root\Office16\1036\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\
C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\
C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\
C:\Windows\assembly\GAC_32\System.Transactions\update.exe
C:\Windows\assembly\GAC_32\System.Transactions\update.exe C:\Windows\assembly\GAC_32\System.Transactions\
C:\Program Files\Microsoft Office\root\Office16\3082\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\3082\backup.exe" C:\Program Files\Microsoft Office\root\Office16\3082\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\backup.exe
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\
C:\Windows\assembly\GAC_32\System.Web\backup.exe
C:\Windows\assembly\GAC_32\System.Web\backup.exe C:\Windows\assembly\GAC_32\System.Web\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\
C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\System Restore.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\
C:\Windows\assembly\GAC_64\backup.exe
C:\Windows\assembly\GAC_64\backup.exe C:\Windows\assembly\GAC_64\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\
C:\Windows\assembly\GAC_64\CustomMarshalers\data.exe
C:\Windows\assembly\GAC_64\CustomMarshalers\data.exe C:\Windows\assembly\GAC_64\CustomMarshalers\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exe
C:\Windows\assembly\GAC_64\ISymWrapper\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\update.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\update.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\data.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\data.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\
C:\Windows\assembly\GAC_64\Microsoft.Ink\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Ink\
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\win_x64\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\win_x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\win_x64\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\
C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\
C:\Program Files (x86)\Common Files\System\uk-UA\update.exe
"C:\Program Files (x86)\Common Files\System\uk-UA\update.exe" C:\Program Files (x86)\Common Files\System\uk-UA\
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\
C:\Program Files\Microsoft Office\root\Office16\AugLoop\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\AugLoop\backup.exe" C:\Program Files\Microsoft Office\root\Office16\AugLoop\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\
C:\Program Files\Microsoft Office\root\Office16\Bibliography\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Bibliography\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\
C:\Windows\assembly\GAC_64\MSBuild\backup.exe
C:\Windows\assembly\GAC_64\MSBuild\backup.exe C:\Windows\assembly\GAC_64\MSBuild\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\
C:\Windows\bcastdvr\update.exe
C:\Windows\bcastdvr\update.exe C:\Windows\bcastdvr\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\
C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\
C:\Windows\Branding\backup.exe
C:\Windows\Branding\backup.exe C:\Windows\Branding\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\
C:\Windows\Branding\Basebrd\backup.exe
C:\Windows\Branding\Basebrd\backup.exe C:\Windows\Branding\Basebrd\
C:\Program Files\Microsoft Office\root\Office16\BORDERS\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\BORDERS\backup.exe" C:\Program Files\Microsoft Office\root\Office16\BORDERS\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\
C:\Windows\assembly\GAC_64\mscorlib\backup.exe
C:\Windows\assembly\GAC_64\mscorlib\backup.exe C:\Windows\assembly\GAC_64\mscorlib\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\
C:\Windows\Branding\Basebrd\de-DE\backup.exe
C:\Windows\Branding\Basebrd\de-DE\backup.exe C:\Windows\Branding\Basebrd\de-DE\
C:\Program Files\Microsoft Office\root\Office16\Configuration\System Restore.exe
"C:\Program Files\Microsoft Office\root\Office16\Configuration\System Restore.exe" C:\Program Files\Microsoft Office\root\Office16\Configuration\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\backup.exe
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\
C:\Windows\Branding\Basebrd\en-US\backup.exe
C:\Windows\Branding\Basebrd\en-US\backup.exe C:\Windows\Branding\Basebrd\en-US\
C:\Program Files\Microsoft Office\root\Office16\Document Parts\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Document Parts\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\
C:\Windows\assembly\GAC_64\PresentationCore\update.exe
C:\Windows\assembly\GAC_64\PresentationCore\update.exe C:\Windows\assembly\GAC_64\PresentationCore\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\
C:\Windows\Branding\Basebrd\es-ES\backup.exe
C:\Windows\Branding\Basebrd\es-ES\backup.exe C:\Windows\Branding\Basebrd\es-ES\
C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\
C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\
C:\Windows\Branding\Basebrd\fr-FR\backup.exe
C:\Windows\Branding\Basebrd\fr-FR\backup.exe C:\Windows\Branding\Basebrd\fr-FR\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\
C:\Windows\assembly\GAC_64\srmlib\update.exe
C:\Windows\assembly\GAC_64\srmlib\update.exe C:\Windows\assembly\GAC_64\srmlib\
C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\
C:\Windows\Branding\Basebrd\it-IT\System Restore.exe
"C:\Windows\Branding\Basebrd\it-IT\System Restore.exe" C:\Windows\Branding\Basebrd\it-IT\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\srmlib\1.0.0.0__31bf3856ad364e35\
C:\Windows\Branding\Basebrd\ja-JP\backup.exe
C:\Windows\Branding\Basebrd\ja-JP\backup.exe C:\Windows\Branding\Basebrd\ja-JP\
C:\Program Files\Microsoft Office\root\Office16\FPA_f14\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f14\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f14\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\
C:\Program Files\Microsoft Office\root\Office16\FPA_f2\data.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f2\data.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f2\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\
C:\Windows\Branding\Basebrd\uk-UA\backup.exe
C:\Windows\Branding\Basebrd\uk-UA\backup.exe C:\Windows\Branding\Basebrd\uk-UA\
C:\Windows\assembly\GAC_64\System.Data\backup.exe
C:\Windows\assembly\GAC_64\System.Data\backup.exe C:\Windows\assembly\GAC_64\System.Data\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\
C:\Windows\Branding\shellbrd\backup.exe
C:\Windows\Branding\shellbrd\backup.exe C:\Windows\Branding\shellbrd\
C:\Program Files\Microsoft Office\root\Office16\FPA_f3\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f3\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f3\
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\backup.exe
C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\
C:\Windows\CbsTemp\backup.exe
C:\Windows\CbsTemp\backup.exe C:\Windows\CbsTemp\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\
C:\Program Files\Microsoft Office\root\Office16\FPA_f33\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f33\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f33\
C:\Windows\assembly\GAC_64\System.Data.OracleClient\backup.exe
C:\Windows\assembly\GAC_64\System.Data.OracleClient\backup.exe C:\Windows\assembly\GAC_64\System.Data.OracleClient\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\
C:\Windows\Containers\backup.exe
C:\Windows\Containers\backup.exe C:\Windows\Containers\
C:\Program Files\Microsoft Office\root\Office16\FPA_f4\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f4\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f4\
C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe
C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\backup.exe C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\
C:\Windows\Containers\serviced\backup.exe
C:\Windows\Containers\serviced\backup.exe C:\Windows\Containers\serviced\
C:\Program Files\Microsoft Office\root\Office16\FPA_f7\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_f7\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_f7\
C:\Windows\assembly\GAC_64\System.EnterpriseServices\backup.exe
C:\Windows\assembly\GAC_64\System.EnterpriseServices\backup.exe C:\Windows\assembly\GAC_64\System.EnterpriseServices\
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\
C:\Windows\Cursors\backup.exe
C:\Windows\Cursors\backup.exe C:\Windows\Cursors\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\
C:\Program Files\Microsoft Office 15\backup.exe
"C:\Program Files\Microsoft Office 15\backup.exe" C:\Program Files\Microsoft Office 15\
C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\
C:\Program Files\Microsoft Office 15\ClientX64\backup.exe
"C:\Program Files\Microsoft Office 15\ClientX64\backup.exe" C:\Program Files\Microsoft Office 15\ClientX64\
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\win_x64\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\win_x64\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\win_x64\
C:\Windows\assembly\GAC_64\System.Printing\backup.exe
C:\Windows\assembly\GAC_64\System.Printing\backup.exe C:\Windows\assembly\GAC_64\System.Printing\
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\update.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\update.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\
C:\Windows\debug\backup.exe
C:\Windows\debug\backup.exe C:\Windows\debug\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\
C:\Program Files\Mozilla Firefox\backup.exe
"C:\Program Files\Mozilla Firefox\backup.exe" C:\Program Files\Mozilla Firefox\
C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\backup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\backup.exe" C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\
C:\Windows\de-DE\backup.exe
C:\Windows\de-DE\backup.exe C:\Windows\de-DE\
C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\
C:\Program Files\Mozilla Firefox\browser\backup.exe
"C:\Program Files\Mozilla Firefox\browser\backup.exe" C:\Program Files\Mozilla Firefox\browser\
C:\Program Files\Microsoft Office\Updates\backup.exe
"C:\Program Files\Microsoft Office\Updates\backup.exe" C:\Program Files\Microsoft Office\Updates\
C:\Program Files\Mozilla Firefox\browser\features\backup.exe
"C:\Program Files\Mozilla Firefox\browser\features\backup.exe" C:\Program Files\Mozilla Firefox\browser\features\
C:\Program Files\Microsoft Office\Updates\Apply\backup.exe
"C:\Program Files\Microsoft Office\Updates\Apply\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\update.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\update.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\
C:\Windows\DiagTrack\backup.exe
C:\Windows\DiagTrack\backup.exe C:\Windows\DiagTrack\
C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\
C:\Windows\assembly\GAC_64\System.Transactions\backup.exe
C:\Windows\assembly\GAC_64\System.Transactions\backup.exe C:\Windows\assembly\GAC_64\System.Transactions\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\
C:\Windows\DiagTrack\Scenarios\backup.exe
C:\Windows\DiagTrack\Scenarios\backup.exe C:\Windows\DiagTrack\Scenarios\
C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System Restore.exe
"C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System Restore.exe" C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\
C:\Program Files\Microsoft Office\root\Office16\FPA_w1\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\FPA_w1\backup.exe" C:\Program Files\Microsoft Office\root\Office16\FPA_w1\
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe
"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\backup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\
C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe
"C:\Program Files\Mozilla Firefox\browser\VisualElements\backup.exe" C:\Program Files\Mozilla Firefox\browser\VisualElements\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\update.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\update.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\
C:\Windows\DiagTrack\Settings\backup.exe
C:\Windows\DiagTrack\Settings\backup.exe C:\Windows\DiagTrack\Settings\
C:\Windows\assembly\GAC_64\System.Web\backup.exe
C:\Windows\assembly\GAC_64\System.Web\backup.exe C:\Windows\assembly\GAC_64\System.Web\
C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\backup.exe
"C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\backup.exe" C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\
C:\Program Files\Microsoft Office\root\Office16\Library\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Library\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\
C:\Program Files\Mozilla Firefox\defaults\backup.exe
"C:\Program Files\Mozilla Firefox\defaults\backup.exe" C:\Program Files\Mozilla Firefox\defaults\
C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\backup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\backup.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\
C:\Windows\DigitalLocker\backup.exe
C:\Windows\DigitalLocker\backup.exe C:\Windows\DigitalLocker\
C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\
C:\Program Files\Microsoft Office\Updates\Download\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\
C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe
"C:\Program Files\Mozilla Firefox\defaults\pref\backup.exe" C:\Program Files\Mozilla Firefox\defaults\pref\
C:\Windows\assembly\GAC_MSIL\backup.exe
C:\Windows\assembly\GAC_MSIL\backup.exe C:\Windows\assembly\GAC_MSIL\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\
C:\Windows\DigitalLocker\en-US\backup.exe
C:\Windows\DigitalLocker\en-US\backup.exe C:\Windows\DigitalLocker\en-US\
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\update.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\update.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\
C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\backup.exe" C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\
C:\Windows\assembly\GAC_MSIL\Accessibility\data.exe
C:\Windows\assembly\GAC_MSIL\Accessibility\data.exe C:\Windows\assembly\GAC_MSIL\Accessibility\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\
C:\Program Files\Mozilla Firefox\fonts\backup.exe
"C:\Program Files\Mozilla Firefox\fonts\backup.exe" C:\Program Files\Mozilla Firefox\fonts\
C:\Windows\en-US\backup.exe
C:\Windows\en-US\backup.exe C:\Windows\en-US\
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\
C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft.NET\backup.exe
"C:\Program Files (x86)\Microsoft.NET\backup.exe" C:\Program Files (x86)\Microsoft.NET\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\
C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe
"C:\Program Files\Mozilla Firefox\gmp-clearkey\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\
C:\Windows\es-ES\data.exe
C:\Windows\es-ES\data.exe C:\Windows\es-ES\
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe
"C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\backup.exe" C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\backup.exe
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\backup.exe C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe
"C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\backup.exe" C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\
C:\Windows\Fonts\backup.exe
C:\Windows\Fonts\backup.exe C:\Windows\Fonts\
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\System Restore.exe
"C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\System Restore.exe" C:\Windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe
"C:\Program Files (x86)\Microsoft.NET\RedistList\backup.exe" C:\Program Files (x86)\Microsoft.NET\RedistList\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\System Restore.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\
C:\Program Files\Mozilla Firefox\uninstall\backup.exe
"C:\Program Files\Mozilla Firefox\uninstall\backup.exe" C:\Program Files\Mozilla Firefox\uninstall\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\update.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\update.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\
C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\
C:\Windows\fr-FR\backup.exe
C:\Windows\fr-FR\backup.exe C:\Windows\fr-FR\
C:\Program Files\Microsoft Office\root\Office16\LogoImages\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\LogoImages\backup.exe" C:\Program Files\Microsoft Office\root\Office16\LogoImages\
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\backup.exe
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\backup.exe C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\
C:\Program Files\MSBuild\backup.exe
"C:\Program Files\MSBuild\backup.exe" C:\Program Files\MSBuild\
C:\Program Files\Microsoft Office\root\rsod\backup.exe
"C:\Program Files\Microsoft Office\root\rsod\backup.exe" C:\Program Files\Microsoft Office\root\rsod\
C:\Program Files\Microsoft Office\root\Office16\MEDIA\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\MEDIA\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MEDIA\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\
C:\Windows\GameBarPresenceWriter\data.exe
C:\Windows\GameBarPresenceWriter\data.exe C:\Windows\GameBarPresenceWriter\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\
C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\logs\backup.exe" C:\Program Files (x86)\Mozilla Maintenance Service\logs\
C:\Program Files\MSBuild\Microsoft\backup.exe
"C:\Program Files\MSBuild\Microsoft\backup.exe" C:\Program Files\MSBuild\Microsoft\
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_de_b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_de_b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_de_b03f5f7f11d50a3a\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\System Restore.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\System Restore.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\
C:\Program Files\Microsoft Office\root\Office16\MSIPC\backup.exe
"C:\Program Files\Microsoft Office\root\Office16\MSIPC\backup.exe" C:\Program Files\Microsoft Office\root\Office16\MSIPC\
C:\Program Files (x86)\MSBuild\backup.exe
"C:\Program Files (x86)\MSBuild\backup.exe" C:\Program Files (x86)\MSBuild\
C:\Windows\Globalization\backup.exe
C:\Windows\Globalization\backup.exe C:\Windows\Globalization\
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_es_b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_es_b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_MSIL\AspNetMMCExt.Resources\2.0.0.0_es_b03f5f7f11d50a3a\
C:\Program Files\Microsoft Office\root\Templates\backup.exe
"C:\Program Files\Microsoft Office\root\Templates\backup.exe" C:\Program Files\Microsoft Office\root\Templates\
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\backup.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\backup.exe" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe
"C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\backup.exe" C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\
C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\assembly\backup.exe
"C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\assembly\backup.exe" C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\934B6514-B3DC-4B8F-82EB-F1681BAEB6A9\root\vfs\Windows\assembly\
Network
Files
memory/3544-0-0x0000000000400000-0x0000000000415000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\temp.zip
| MD5 | 76cdb2bad9582d23c1f6f4d868218d6c |
| SHA1 | b04f3ee8f5e43fa3b162981b50bb72fe1acabb33 |
| SHA256 | 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85 |
| SHA512 | 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f |
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\temp.zip
| MD5 | fafaaf37389ffd61307bf2260cabd266 |
| SHA1 | fb0687becbdf5d156aa785792be75a583ebed517 |
| SHA256 | cdbade4971e21522acf7f2ef5b14cc6509b1804f8e38ac315358d1b0f3b67fca |
| SHA512 | 8065f0c8008e9c8e1950648a403ee2609b3e9fc9b0b301f4d2aa13a61d15a0a02fbfa42f7918f4354d79f22dc2b2013eae6679b4391da878619e6aaaaa347afd |
C:\backup.exe
| MD5 | 3339a37116ff7566c183c07e6e3a95aa |
| SHA1 | eb9073a0c74a7e8d65e86eb239e5685205977f94 |
| SHA256 | e69cc16f482ef6a7d2f311232e902c05dc14af29e88d3b2a3b3221f1eef12404 |
| SHA512 | fee2d3704a8d10000056563d3883a70b856fec27d696f2927dd81fb5c770e2a89447ecf5ef6ff50fd4d43fb042a9e2a48e47a626d908db0e3310f6fb7eaa6b9d |
C:\PerfLogs\backup.exe
| MD5 | 28c57dbc1cec24c62a64b421451c2b96 |
| SHA1 | d56edcb77331b0d452a27d1e805e656f757a5ae7 |
| SHA256 | daff6671d340669df7f486c39e9dfc9d73816b09663ac9afa7178778b95700d5 |
| SHA512 | 74aaa5ffe06a0f83638e93dad9dac9caec86794d02c377611cb2c2166d20b4c1195ac4fbccb956e85bc1fb4489474f643c462a2f1fd919d681682e300bf8f106 |
C:\Program Files\7-Zip\backup.exe
| MD5 | f813f003875b9a8b449afbb3d08abc71 |
| SHA1 | d218558adacc6798627a4bc00b8c3e57c25d1ab4 |
| SHA256 | 24bbb6eac1161ed6ca16359b20e5cd4fe28d4248d2834592b3984b7212ce01ef |
| SHA512 | 78a9604d362a662c453468e6510534995108fa8f91fccfcee8b61a3e310cdd4843d7ee20ede9e07317a56e6a58b41dd1cea1261bc74eb90dec67b1ffe943faa4 |
C:\Program Files\7-Zip\Lang\backup.exe
C:\Program Files\Common Files\DESIGNER\backup.exe
C:\Program Files\Common Files\microsoft shared\ClickToRun\backup.exe
C:\Program Files\Common Files\microsoft shared\ink\ar-SA\backup.exe
C:\Program Files\Common Files\microsoft shared\ink\en-GB\update.exe
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\backup.exe
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\backup.exe
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20241023-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xapounq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\lohyryd.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\xapounq.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\lohyryd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\xapounq.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe"
C:\Users\Admin\AppData\Local\Temp\xapounq.exe
C:\Users\Admin\AppData\Local\Temp\xapounq.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\_uninsep.bat" "
C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp
C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp OK
C:\Users\Admin\AppData\Local\Temp\lohyryd.exe
"C:\Users\Admin\AppData\Local\Temp\lohyryd.exe"
Network
| Country | Destination | Domain | Proto |
| JP | 27.125.205.36:11170 | | tcp |
| KR | 218.54.28.146:11180 | | tcp |
| JP | 27.125.205.36:11170 | | tcp |
Files
\Users\Admin\AppData\Local\Temp\xapounq.exe
C:\Users\Admin\AppData\Local\Temp\_uninsep.bat
C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
C:\Users\Admin\AppData\Local\Temp\~DFA1B1.tmp
\Users\Admin\AppData\Local\Temp\lohyryd.exe
C:\Users\Admin\AppData\Local\Temp\gbp.ini
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:34
Platform
win7-20240903-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
135s
Max time network
138s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Executes dropped EXE
Checks installed software on the system
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Barys.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | retpolerta.com | udp |
Files
\Users\Admin\AppData\Local\Temp\715cd7ac
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
119s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1076 wrote to memory of 1528 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Dynamer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 432
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\asih.exe | N/A |
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\asih.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3904 wrote to memory of 4208 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | C:\Users\Admin\AppData\Local\Temp\asih.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe"
C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\asih.exe
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1716 wrote to memory of 2132 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| N/A | 10.150.78.55:1034 | tcp | |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | mx-in-rn.apple.com | udp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 17.56.176.6:25 | mx-in-rn.apple.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| BE | 142.251.168.26:25 | aspmx.l.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 8.8.8.8:53 | mx-in.g.apple.com | udp |
| NL | 17.57.165.2:25 | mx-in.g.apple.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 64.182.22.132:25 | corp.unicode.org | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| US | 209.202.254.10:80 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| N/A | 10.218.249.159:1034 | tcp | |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:443 | www.altavista.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| IE | 212.82.100.137:80 | www.altavista.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| US | 209.202.254.10:443 | search.lycos.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| GB | 172.217.16.228:80 | www.google.com | tcp |
| IE | 212.82.100.137:80 | tcp | |
| US | 209.202.254.10:443 | tcp | |
| GB | 172.217.16.228:80 | tcp | |
| US | 209.202.254.10:80 | tcp |
Files
memory/1716-0-0x0000000000500000-0x0000000000510200-memory.dmp
memory/1716-3-0x0000000000220000-0x0000000000228000-memory.dmp
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmp254E.tmp
C:\Users\Admin\AppData\Local\Temp\Cab2353.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2366.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\NWYU3UT1.htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\search[2].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\search[2].htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\default[4].htm
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20241010-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Zombie.exe"
Network
Files
memory/2900-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2900-2-0x0000000000400000-0x000000000040A000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MSRATING.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/16904-0-0x0000000075660000-0x00000000758E4000-memory.dmp
memory/16888-1-0x0000000075660000-0x00000000758E4000-memory.dmp
memory/16864-3-0x0000000075660000-0x00000000758E4000-memory.dmp
memory/16876-2-0x0000000075660000-0x00000000758E4000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
117s
Max time network
124s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Butcher Crypter.exe"
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\FloodFix.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\FloodFix.exe"
Network
Files
memory/3020-0-0x0000000000400000-0x0000000000413000-memory.dmp
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
152s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\FloodFix.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\FloodFix.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\FloodFix.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
141s
Max time network
139s
Command Line
Signatures
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\InstallCore.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.180.2:80 | partner.googleadservices.com | tcp |
| GB | 216.58.201.98:80 | www.googletagservices.com | tcp |
| GB | 216.58.201.98:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ish240646921\bootstrap_57590.html
C:\Users\Admin\AppData\Local\Temp\ish240646921\css\sdk-ui\progress-bar.css
C:\Users\Admin\AppData\Local\Temp\ish240646921\css\main.css
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\close.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\progress_bar.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\progress.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\loader.gif
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\color_btn.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\grey_btn.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\sheild.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\welcome_prod_box.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\bg_new.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\pause_btn.png
C:\Users\Admin\AppData\Local\Temp\ish240646921\images\resume_btn.png
memory/5052-148-0x00000000023B0000-0x00000000024F6000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\quxevyk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\yzymdak.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\quxevyk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\yzymdak.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\app stroe.exe"
C:\Users\Admin\AppData\Local\Temp\quxevyk.exe
C:\Users\Admin\AppData\Local\Temp\quxevyk.exe
C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp
C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp OK
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uninsep.bat" "
C:\Users\Admin\AppData\Local\Temp\yzymdak.exe
"C:\Users\Admin\AppData\Local\Temp\yzymdak.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| JP | 27.125.205.36:11170 | | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| KR | 218.54.28.146:11180 | | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| JP | 27.125.205.36:11170 | | tcp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/2132-0-0x0000000000400000-0x00000000004E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\quxevyk.exe
C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
C:\Users\Admin\AppData\Local\Temp\~DFA277.tmp
memory/2132-16-0x0000000000400000-0x00000000004E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_uninsep.bat
memory/1756-19-0x0000000000400000-0x00000000004E0000-memory.dmp
memory/2092-21-0x0000000000400000-0x00000000004E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yzymdak.exe
memory/1636-36-0x0000000000400000-0x000000000053E000-memory.dmp
memory/1636-38-0x00000000001D0000-0x00000000001D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gbp.ini
memory/2092-40-0x0000000000400000-0x00000000004E0000-memory.dmp
memory/1636-42-0x00000000001D0000-0x00000000001D2000-memory.dmp
memory/1636-41-0x0000000000400000-0x000000000053E000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\asih.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | N/A |
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\asih.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2708 wrote to memory of 2672 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe | C:\Users\Admin\AppData\Local\Temp\asih.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Adobe Reader.exe"
C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | emrlogistics.com | udp |
| US | 34.205.242.146:443 | emrlogistics.com | tcp |
| US | 54.161.222.85:443 | emrlogistics.com | tcp |
Files
memory/2708-0-0x0000000000500000-0x000000000050F000-memory.dmp
memory/2708-3-0x00000000003F0000-0x00000000003F6000-memory.dmp
memory/2708-2-0x00000000001C0000-0x00000000001C6000-memory.dmp
memory/2708-1-0x00000000001C0000-0x00000000001C6000-memory.dmp
\Users\Admin\AppData\Local\Temp\asih.exe
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240729-en
Max time kernel
144s
Max time network
16s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Internet Explorer\it-IT\update.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\assembly\GAC_32\MSBuild\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Public\Recorded TV\Sample Media\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files\Mozilla Firefox\defaults\backup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\backup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Network Share Discovery
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\040C\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\AdvancedInstallers\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\ar-SA\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\catroot2\System Restore.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\0410\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\0411\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\0C0A\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\0407\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\bg-BG\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\catroot\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\de-DE\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\0409\System Restore.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\es-ES\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\fr-FR\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\SysWOW64\com\dmp\backup.exe | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\backup.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\backup.exe | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\backup.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe | C:\Program Files\Microsoft Games\FreeCell\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\backup.exe | C:\Program Files\Microsoft Games\Multiplayer\Checkers\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\gl\backup.exe | C:\Program Files\VideoLAN\VLC\locale\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\data.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\MSInfo\backup.exe | C:\Program Files\Common Files\Microsoft Shared\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\br\data.exe | C:\Program Files\VideoLAN\VLC\locale\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\backup.exe | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\backup.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\es-ES\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\backup.exe | C:\Program Files\Reference Assemblies\Microsoft\Framework\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\si\backup.exe | C:\Program Files\VideoLAN\VLC\locale\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\backup.exe | C:\Program Files\VideoLAN\VLC\locale\gd\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\is\backup.exe | C:\Program Files\VideoLAN\VLC\locale\backup.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\backup.exe | C:\Program Files\Common Files\Microsoft Shared\Triedit\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\en-US\System Restore.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Photo Viewer\it-IT\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\backup.exe | C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\System Restore.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\backup.exe | C:\Program Files (x86)\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\FreeCell\fr-FR\update.exe | C:\Program Files\Microsoft Games\FreeCell\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\backup.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe | C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\data.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Updater6\backup.exe | C:\Program Files (x86)\Common Files\Adobe\backup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\backup.exe | C:\Program Files\Mozilla Firefox\update.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft SQL Server Compact Edition\backup.exe | C:\Program Files (x86)\backup.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\Triedit\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\backup.exe | C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\backup.exe | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\backup.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ky\backup.exe | C:\Program Files\VideoLAN\VLC\locale\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\backup.exe | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\backup.exe | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4a235e617ad0a4c3aecd3982f0e3c48a\update.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1da2af67#\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\IME\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\0261a298f938ba71a7aab6f91dad326d\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B3325a29b#\5a3b5e8dacb3f7675f8f480243680feb\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\PLA\Rules\ja-JP\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0728af1479c3388cadf85ccfc2b12582\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\MSDTC Bridge 4.0.0.0\001F\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c335a6ef5339fa917518475c286c8ca4\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\update.exe | N/A | N/A |
| File opened for modification | C:\Windows\Help\Help\es-ES\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\ASP.NET_4.0.30319\0019\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Prefetch\ReadyBoot\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC\MSDATASRC\backup.exe | C:\Windows\assembly\GAC\backup.exe | N/A |
| File opened for modification | C:\Windows\ehome\en-US\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1028\update.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_64\MSBuild\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\14.0.0.0__71e9bce111e9429c\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MUI\0407\data.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiob3047ded#\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Datab086ae17#\9c8de58d3f31e68eee4f90023d7ae37c\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\update.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\AspNetMMCExt\51f5ebc7dec87fb0c89540ed15a5c2b6\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\ASP.NET_4.0.30319\000E\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\1041\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe | C:\Windows\assembly\GAC\stdole\backup.exe | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\ehiProxy\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\System Restore.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\BITS\0411\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\BITS\0C0A\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\fr-FR\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Resources\Themes\Aero\Shell\NormalColor\ja-JP\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Security.#\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\it-IT\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\TermService\0409\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Help\Help\ja-JP\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\IME\IMEJP10\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\update.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe | C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe | N/A |
| File opened for modification | C:\Windows\Fonts\backup.exe | C:\Windows\backup.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\de-DE\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\it-IT\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.5\de\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\ASP.NET\0015\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\inf\MSDTC Bridge 4.0.0.0\0011\backup.exe | N/A | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\backup.exe | N/A | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\VideoLAN\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\System Restore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Internet Explorer\SIGNUP\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Internet Explorer\it-IT\update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Adobe\Help\backup.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Explore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_es_31bf3856ad364e35\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Common Files\SpeechEngines\Microsoft\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Google\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\update.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\Java\jre7\lib\jfr\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Common Files\microsoft shared\Triedit\es-ES\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1" | C:\Windows\assembly\GAC\stdole\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files\VideoLAN\VLC\locale\ga\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Program Files (x86)\Common Files\microsoft shared\VBA\backup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\backup.exe | N/A |
Processes
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\System Restore.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Push\System Restore.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Push\
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe
"C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\backup.exe" C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\
C:\Program Files\Google\backup.exe
"C:\Program Files\Google\backup.exe" C:\Program Files\Google\
C:\Program Files\Google\Chrome\System Restore.exe
"C:\Program Files\Google\Chrome\System Restore.exe" C:\Program Files\Google\Chrome\
C:\Program Files\Google\Chrome\Application\backup.exe
"C:\Program Files\Google\Chrome\Application\backup.exe" C:\Program Files\Google\Chrome\Application\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\update.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\update.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\backup.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\data.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\data.exe" C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\
C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe
"C:\Program Files\Google\Chrome\Application\SetupMetrics\backup.exe" C:\Program Files\Google\Chrome\Application\SetupMetrics\
C:\Program Files\Internet Explorer\backup.exe
"C:\Program Files\Internet Explorer\backup.exe" C:\Program Files\Internet Explorer\
C:\Program Files\Internet Explorer\de-DE\backup.exe
"C:\Program Files\Internet Explorer\de-DE\backup.exe" C:\Program Files\Internet Explorer\de-DE\
C:\Program Files\Internet Explorer\en-US\backup.exe
"C:\Program Files\Internet Explorer\en-US\backup.exe" C:\Program Files\Internet Explorer\en-US\
C:\Program Files\Internet Explorer\es-ES\backup.exe
"C:\Program Files\Internet Explorer\es-ES\backup.exe" C:\Program Files\Internet Explorer\es-ES\
C:\Program Files\Internet Explorer\fr-FR\update.exe
"C:\Program Files\Internet Explorer\fr-FR\update.exe" C:\Program Files\Internet Explorer\fr-FR\
C:\Program Files\Internet Explorer\images\backup.exe
"C:\Program Files\Internet Explorer\images\backup.exe" C:\Program Files\Internet Explorer\images\
C:\Program Files\Internet Explorer\it-IT\update.exe
"C:\Program Files\Internet Explorer\it-IT\update.exe" C:\Program Files\Internet Explorer\it-IT\
C:\Program Files\Internet Explorer\ja-JP\data.exe
"C:\Program Files\Internet Explorer\ja-JP\data.exe" C:\Program Files\Internet Explorer\ja-JP\
C:\Program Files\Internet Explorer\SIGNUP\backup.exe
"C:\Program Files\Internet Explorer\SIGNUP\backup.exe" C:\Program Files\Internet Explorer\SIGNUP\
C:\Program Files\Java\backup.exe
"C:\Program Files\Java\backup.exe" C:\Program Files\Java\
C:\Program Files\Java\jdk1.7.0_80\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\backup.exe" C:\Program Files\Java\jdk1.7.0_80\
C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\bin\
C:\Program Files\Java\jdk1.7.0_80\db\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\db\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\db\
C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\db\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\bin\
C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\db\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\db\lib\
C:\Program Files\Java\jdk1.7.0_80\include\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\include\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\
C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\include\win32\backup.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\
C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\update.exe
"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\update.exe" C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\
C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\
C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\update.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\update.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\
C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\
C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\data.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\data.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\update.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\update.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\
C:\Program Files (x86)\backup.exe
"C:\Program Files (x86)\backup.exe" C:\Program Files (x86)\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\
C:\Program Files (x86)\Adobe\backup.exe
"C:\Program Files (x86)\Adobe\backup.exe" C:\Program Files (x86)\Adobe\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\
C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\
C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Esl\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Esl\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\System Restore.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\System Restore.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\backup.exe" C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe
"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\backup.exe" C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\
C:\Program Files\Java\jre7\lib\applet\backup.exe
"C:\Program Files\Java\jre7\lib\applet\backup.exe" C:\Program Files\Java\jre7\lib\applet\
C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\System Restore.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\
C:\Program Files\Java\jre7\lib\cmm\System Restore.exe
"C:\Program Files\Java\jre7\lib\cmm\System Restore.exe" C:\Program Files\Java\jre7\lib\cmm\
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\
C:\Program Files\Java\jre7\lib\deploy\backup.exe
"C:\Program Files\Java\jre7\lib\deploy\backup.exe" C:\Program Files\Java\jre7\lib\deploy\
C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\
C:\Program Files\Java\jre7\lib\ext\backup.exe
"C:\Program Files\Java\jre7\lib\ext\backup.exe" C:\Program Files\Java\jre7\lib\ext\
C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\
C:\Program Files\Java\jre7\lib\fonts\backup.exe
"C:\Program Files\Java\jre7\lib\fonts\backup.exe" C:\Program Files\Java\jre7\lib\fonts\
C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\
C:\Program Files\Java\jre7\lib\images\System Restore.exe
"C:\Program Files\Java\jre7\lib\images\System Restore.exe" C:\Program Files\Java\jre7\lib\images\
C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\
C:\Program Files\Java\jre7\lib\images\cursors\backup.exe
"C:\Program Files\Java\jre7\lib\images\cursors\backup.exe" C:\Program Files\Java\jre7\lib\images\cursors\
C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\
C:\Program Files\Java\jre7\lib\jfr\backup.exe
"C:\Program Files\Java\jre7\lib\jfr\backup.exe" C:\Program Files\Java\jre7\lib\jfr\
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\
C:\Program Files\Java\jre7\lib\management\backup.exe
"C:\Program Files\Java\jre7\lib\management\backup.exe" C:\Program Files\Java\jre7\lib\management\
C:\Program Files\Java\jre7\lib\security\System Restore.exe
"C:\Program Files\Java\jre7\lib\security\System Restore.exe" C:\Program Files\Java\jre7\lib\security\
C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\
C:\Program Files\Java\jre7\lib\zi\backup.exe
"C:\Program Files\Java\jre7\lib\zi\backup.exe" C:\Program Files\Java\jre7\lib\zi\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\
C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Africa\backup.exe" C:\Program Files\Java\jre7\lib\zi\Africa\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\
C:\Program Files\Java\jre7\lib\zi\America\backup.exe
"C:\Program Files\Java\jre7\lib\zi\America\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\
C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe
"C:\Program Files\Java\jre7\lib\zi\America\Argentina\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Argentina\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\
C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe
"C:\Program Files\Java\jre7\lib\zi\America\Indiana\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Indiana\
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe
"C:\Program Files\Java\jre7\lib\zi\America\Kentucky\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\Kentucky\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe
"C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\backup.exe" C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\
C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Antarctica\backup.exe" C:\Program Files\Java\jre7\lib\zi\Antarctica\
C:\Program Files\Java\jre7\lib\zi\Asia\update.exe
"C:\Program Files\Java\jre7\lib\zi\Asia\update.exe" C:\Program Files\Java\jre7\lib\zi\Asia\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\
C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Atlantic\backup.exe" C:\Program Files\Java\jre7\lib\zi\Atlantic\
C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Australia\backup.exe" C:\Program Files\Java\jre7\lib\zi\Australia\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\
C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Etc\backup.exe" C:\Program Files\Java\jre7\lib\zi\Etc\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\
C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Europe\backup.exe" C:\Program Files\Java\jre7\lib\zi\Europe\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\data.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\data.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\
C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Indian\backup.exe" C:\Program Files\Java\jre7\lib\zi\Indian\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\
C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe
"C:\Program Files\Java\jre7\lib\zi\Pacific\backup.exe" C:\Program Files\Java\jre7\lib\zi\Pacific\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\
C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe
"C:\Program Files\Java\jre7\lib\zi\SystemV\backup.exe" C:\Program Files\Java\jre7\lib\zi\SystemV\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\
C:\Program Files\Microsoft Games\backup.exe
"C:\Program Files\Microsoft Games\backup.exe" C:\Program Files\Microsoft Games\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\
C:\Program Files\Microsoft Games\Chess\backup.exe
"C:\Program Files\Microsoft Games\Chess\backup.exe" C:\Program Files\Microsoft Games\Chess\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\
C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe
"C:\Program Files\Microsoft Games\Chess\de-DE\backup.exe" C:\Program Files\Microsoft Games\Chess\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\
C:\Program Files\Microsoft Games\Chess\en-US\backup.exe
"C:\Program Files\Microsoft Games\Chess\en-US\backup.exe" C:\Program Files\Microsoft Games\Chess\en-US\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\
C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe
"C:\Program Files\Microsoft Games\Chess\es-ES\backup.exe" C:\Program Files\Microsoft Games\Chess\es-ES\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\update.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.fr\
C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe
"C:\Program Files\Microsoft Games\Chess\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Chess\fr-FR\
C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe
"C:\Program Files\Microsoft Games\Chess\it-IT\backup.exe" C:\Program Files\Microsoft Games\Chess\it-IT\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\
C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe
"C:\Program Files\Microsoft Games\Chess\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Chess\ja-JP\
C:\Program Files\Microsoft Games\FreeCell\backup.exe
"C:\Program Files\Microsoft Games\FreeCell\backup.exe" C:\Program Files\Microsoft Games\FreeCell\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\
C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe
"C:\Program Files\Microsoft Games\FreeCell\de-DE\backup.exe" C:\Program Files\Microsoft Games\FreeCell\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\System Restore.exe
"C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\
C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe
"C:\Program Files\Microsoft Games\FreeCell\en-US\backup.exe" C:\Program Files\Microsoft Games\FreeCell\en-US\
C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Portal\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\
C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe
"C:\Program Files\Microsoft Games\FreeCell\es-ES\backup.exe" C:\Program Files\Microsoft Games\FreeCell\es-ES\
C:\Program Files\Microsoft Games\FreeCell\fr-FR\update.exe
"C:\Program Files\Microsoft Games\FreeCell\fr-FR\update.exe" C:\Program Files\Microsoft Games\FreeCell\fr-FR\
C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\
C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\PROOF\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\PROOF\
C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe
"C:\Program Files\Microsoft Games\FreeCell\it-IT\backup.exe" C:\Program Files\Microsoft Games\FreeCell\it-IT\
C:\Program Files\Microsoft Games\FreeCell\ja-JP\data.exe
"C:\Program Files\Microsoft Games\FreeCell\ja-JP\data.exe" C:\Program Files\Microsoft Games\FreeCell\ja-JP\
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\update.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\
C:\Program Files\Microsoft Games\Hearts\backup.exe
"C:\Program Files\Microsoft Games\Hearts\backup.exe" C:\Program Files\Microsoft Games\Hearts\
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\
C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe
"C:\Program Files\Microsoft Games\Hearts\de-DE\backup.exe" C:\Program Files\Microsoft Games\Hearts\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\
C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe
"C:\Program Files\Microsoft Games\Hearts\en-US\backup.exe" C:\Program Files\Microsoft Games\Hearts\en-US\
C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe
"C:\Program Files\Microsoft Games\Hearts\es-ES\backup.exe" C:\Program Files\Microsoft Games\Hearts\es-ES\
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\update.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\update.exe" C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\
C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe
"C:\Program Files\Microsoft Games\Hearts\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Hearts\fr-FR\
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\System Restore.exe
"C:\Program Files (x86)\Common Files\microsoft shared\Stationery\System Restore.exe" C:\Program Files (x86)\Common Files\microsoft shared\Stationery\
C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe
"C:\Program Files\Microsoft Games\Hearts\it-IT\backup.exe" C:\Program Files\Microsoft Games\Hearts\it-IT\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\de-DE\
C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe
"C:\Program Files\Microsoft Games\Hearts\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Hearts\ja-JP\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\
C:\Program Files\Microsoft Games\Mahjong\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\backup.exe" C:\Program Files\Microsoft Games\Mahjong\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\
C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\de-DE\backup.exe" C:\Program Files\Microsoft Games\Mahjong\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\
C:\Program Files\Microsoft Games\Mahjong\en-US\System Restore.exe
"C:\Program Files\Microsoft Games\Mahjong\en-US\System Restore.exe" C:\Program Files\Microsoft Games\Mahjong\en-US\
C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\es-ES\backup.exe" C:\Program Files\Microsoft Games\Mahjong\es-ES\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\
C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Mahjong\fr-FR\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\
C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\it-IT\backup.exe" C:\Program Files\Microsoft Games\Mahjong\it-IT\
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\
C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe
"C:\Program Files\Microsoft Games\Mahjong\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Mahjong\ja-JP\
C:\Program Files\Microsoft Games\Minesweeper\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\
C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\de-DE\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\
C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\en-US\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\en-US\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\
C:\Program Files\Microsoft Games\Minesweeper\es-ES\update.exe
"C:\Program Files\Microsoft Games\Minesweeper\es-ES\update.exe" C:\Program Files\Microsoft Games\Minesweeper\es-ES\
C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\fr-FR\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\fr-FR\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\
C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\it-IT\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\it-IT\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\
C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe
"C:\Program Files\Microsoft Games\Minesweeper\ja-JP\backup.exe" C:\Program Files\Microsoft Games\Minesweeper\ja-JP\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\
C:\Program Files\Microsoft Games\More Games\backup.exe
"C:\Program Files\Microsoft Games\More Games\backup.exe" C:\Program Files\Microsoft Games\More Games\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\
C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe
"C:\Program Files\Microsoft Games\More Games\de-DE\backup.exe" C:\Program Files\Microsoft Games\More Games\de-DE\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\
C:\Program Files\Microsoft Games\More Games\en-US\backup.exe
"C:\Program Files\Microsoft Games\More Games\en-US\backup.exe" C:\Program Files\Microsoft Games\More Games\en-US\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\
C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe
"C:\Program Files\Microsoft Games\More Games\es-ES\backup.exe" C:\Program Files\Microsoft Games\More Games\es-ES\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe
"C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\backup.exe" C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\
C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe
"C:\Program Files\Microsoft Games\More Games\fr-FR\backup.exe" C:\Program Files\Microsoft Games\More Games\fr-FR\
C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe
"C:\Program Files\Microsoft Games\More Games\it-IT\backup.exe" C:\Program Files\Microsoft Games\More Games\it-IT\
C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\System\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\de-DE\
C:\Users\Public\Pictures\backup.exe
C:\Users\Public\Pictures\backup.exe C:\Users\Public\Pictures\
C:\Program Files\VideoLAN\VLC\locale\af\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\af\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\
C:\Program Files (x86)\Common Files\System\en-US\backup.exe
"C:\Program Files (x86)\Common Files\System\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\en-US\
C:\Users\Public\Pictures\Sample Pictures\backup.exe
"C:\Users\Public\Pictures\Sample Pictures\backup.exe" C:\Users\Public\Pictures\Sample Pictures\
C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\System\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\es-ES\
C:\Users\Public\Recorded TV\backup.exe
"C:\Users\Public\Recorded TV\backup.exe" C:\Users\Public\Recorded TV\
C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\System\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\fr-FR\
C:\Program Files\VideoLAN\VLC\locale\am\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\am\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am\
C:\Users\Public\Recorded TV\Sample Media\backup.exe
"C:\Users\Public\Recorded TV\Sample Media\backup.exe" C:\Users\Public\Recorded TV\Sample Media\
C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\update.exe
"C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\update.exe" C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\System\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\it-IT\
C:\Users\Public\Videos\backup.exe
C:\Users\Public\Videos\backup.exe C:\Users\Public\Videos\
C:\Program Files\VideoLAN\VLC\locale\am_ET\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\am_ET\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am_ET\
C:\Users\Public\Videos\Sample Videos\backup.exe
"C:\Users\Public\Videos\Sample Videos\backup.exe" C:\Users\Public\Videos\Sample Videos\
C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\ja-JP\
C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\
C:\Windows\backup.exe
C:\Windows\backup.exe C:\Windows\
C:\Program Files\VideoLAN\VLC\locale\an\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\an\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\
C:\Program Files (x86)\Common Files\System\msadc\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\
C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\
C:\Windows\addins\backup.exe
C:\Windows\addins\backup.exe C:\Windows\addins\
C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\de-DE\
C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ar\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\
C:\Windows\AppCompat\backup.exe
C:\Windows\AppCompat\backup.exe C:\Windows\AppCompat\
C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\en-US\
C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\
C:\Windows\AppPatch\backup.exe
C:\Windows\AppPatch\backup.exe C:\Windows\AppPatch\
C:\Program Files (x86)\Common Files\System\msadc\es-ES\System Restore.exe
"C:\Program Files (x86)\Common Files\System\msadc\es-ES\System Restore.exe" C:\Program Files (x86)\Common Files\System\msadc\es-ES\
C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\as_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\
C:\Windows\AppPatch\AppPatch64\backup.exe
C:\Windows\AppPatch\AppPatch64\backup.exe C:\Windows\AppPatch\AppPatch64\
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\fr-FR\
C:\Windows\AppPatch\Custom\update.exe
C:\Windows\AppPatch\Custom\update.exe C:\Windows\AppPatch\Custom\
C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\it-IT\
C:\Program Files\VideoLAN\VLC\locale\ast\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ast\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ast\
C:\Windows\AppPatch\Custom\Custom64\backup.exe
C:\Windows\AppPatch\Custom\Custom64\backup.exe C:\Windows\AppPatch\Custom\Custom64\
C:\Windows\AppPatch\de-DE\backup.exe
C:\Windows\AppPatch\de-DE\backup.exe C:\Windows\AppPatch\de-DE\
C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\msadc\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\msadc\ja-JP\
C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe
"C:\Program Files (x86)\Common Files\System\MSMAPI\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\
C:\Windows\AppPatch\en-US\backup.exe
C:\Windows\AppPatch\en-US\backup.exe C:\Windows\AppPatch\en-US\
C:\Program Files\VideoLAN\VLC\locale\be\System Restore.exe
"C:\Program Files\VideoLAN\VLC\locale\be\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\be\
C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe
"C:\Program Files (x86)\Common Files\System\MSMAPI\1033\backup.exe" C:\Program Files (x86)\Common Files\System\MSMAPI\1033\
C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\System Restore.exe
"C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\
C:\Windows\AppPatch\es-ES\backup.exe
C:\Windows\AppPatch\es-ES\backup.exe C:\Windows\AppPatch\es-ES\
C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\
C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\
C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\de-DE\
C:\Windows\AppPatch\fr-FR\backup.exe
C:\Windows\AppPatch\fr-FR\backup.exe C:\Windows\AppPatch\fr-FR\
C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\en-US\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\en-US\
C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\
C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\
C:\Windows\AppPatch\it-IT\backup.exe
C:\Windows\AppPatch\it-IT\backup.exe C:\Windows\AppPatch\it-IT\
C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\
C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bn\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\
C:\Windows\AppPatch\ja-JP\backup.exe
C:\Windows\AppPatch\ja-JP\backup.exe C:\Windows\AppPatch\ja-JP\
C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\
C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\
C:\Windows\assembly\backup.exe
C:\Windows\assembly\backup.exe C:\Windows\assembly\
C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe
"C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\backup.exe" C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\
C:\Program Files (x86)\Google\update.exe
"C:\Program Files (x86)\Google\update.exe" C:\Program Files (x86)\Google\
C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bn_IN\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\
C:\Windows\assembly\GAC\backup.exe
C:\Windows\assembly\GAC\backup.exe C:\Windows\assembly\GAC\
C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\
C:\Windows\assembly\GAC\ADODB\backup.exe
C:\Windows\assembly\GAC\ADODB\backup.exe C:\Windows\assembly\GAC\ADODB\
C:\Program Files (x86)\Google\CrashReports\backup.exe
"C:\Program Files (x86)\Google\CrashReports\backup.exe" C:\Program Files (x86)\Google\CrashReports\
C:\Program Files\VideoLAN\VLC\locale\br\data.exe
"C:\Program Files\VideoLAN\VLC\locale\br\data.exe" C:\Program Files\VideoLAN\VLC\locale\br\
C:\Program Files (x86)\Google\Temp\backup.exe
"C:\Program Files (x86)\Google\Temp\backup.exe" C:\Program Files (x86)\Google\Temp\
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Google\Update\backup.exe
"C:\Program Files (x86)\Google\Update\backup.exe" C:\Program Files (x86)\Google\Update\
C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\
C:\Windows\assembly\GAC\Extensibility\backup.exe
C:\Windows\assembly\GAC\Extensibility\backup.exe C:\Windows\assembly\GAC\Extensibility\
C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\backup.exe" C:\Program Files (x86)\Google\Update\1.3.36.151\
C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\brx\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Google\Update\Download\backup.exe
"C:\Program Files (x86)\Google\Update\Download\backup.exe" C:\Program Files (x86)\Google\Update\Download\
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe
"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exe
C:\Windows\assembly\GAC\Microsoft.Ink\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\
C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe
"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\backup.exe" C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\
C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\
C:\Program Files\VideoLAN\VLC\locale\ca\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ca\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca\
C:\Program Files (x86)\Google\Update\Install\backup.exe
"C:\Program Files (x86)\Google\Update\Install\backup.exe" C:\Program Files (x86)\Google\Update\Install\
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\
C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\
C:\Program Files (x86)\Google\Update\Install\{0AC99519-0FE0-4797-A0D6-2C21B93D4350}\backup.exe
"C:\Program Files (x86)\Google\Update\Install\{0AC99519-0FE0-4797-A0D6-2C21B93D4350}\backup.exe" C:\Program Files (x86)\Google\Update\Install\{0AC99519-0FE0-4797-A0D6-2C21B93D4350}\
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe
C:\Windows\assembly\GAC\Microsoft.mshtml\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\
C:\Program Files (x86)\Google\Update\Offline\update.exe
"C:\Program Files (x86)\Google\Update\Offline\update.exe" C:\Program Files (x86)\Google\Update\Offline\
C:\Program Files\VideoLAN\VLC\locale\ca@valencia\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ca@valencia\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca@valencia\
C:\Program Files (x86)\Internet Explorer\System Restore.exe
"C:\Program Files (x86)\Internet Explorer\System Restore.exe" C:\Program Files (x86)\Internet Explorer\
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe
"C:\Program Files (x86)\Internet Explorer\de-DE\backup.exe" C:\Program Files (x86)\Internet Explorer\de-DE\
C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe
C:\Windows\assembly\GAC\Microsoft.StdFormat\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\
C:\Program Files (x86)\Internet Explorer\en-US\backup.exe
"C:\Program Files (x86)\Internet Explorer\en-US\backup.exe" C:\Program Files (x86)\Internet Explorer\en-US\
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\cgg\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\
C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe
"C:\Program Files (x86)\Internet Explorer\es-ES\backup.exe" C:\Program Files (x86)\Internet Explorer\es-ES\
C:\Windows\assembly\GAC\mscomctl\backup.exe
C:\Windows\assembly\GAC\mscomctl\backup.exe C:\Windows\assembly\GAC\mscomctl\
C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe
"C:\Program Files (x86)\Internet Explorer\fr-FR\backup.exe" C:\Program Files (x86)\Internet Explorer\fr-FR\
C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\
C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe
"C:\Program Files (x86)\Internet Explorer\it-IT\backup.exe" C:\Program Files (x86)\Internet Explorer\it-IT\
C:\Windows\assembly\GAC\MSDATASRC\backup.exe
C:\Windows\assembly\GAC\MSDATASRC\backup.exe C:\Windows\assembly\GAC\MSDATASRC\
C:\Program Files (x86)\Internet Explorer\ja-JP\System Restore.exe
"C:\Program Files (x86)\Internet Explorer\ja-JP\System Restore.exe" C:\Program Files (x86)\Internet Explorer\ja-JP\
C:\Program Files\VideoLAN\VLC\locale\co\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\co\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\
C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe
"C:\Program Files (x86)\Internet Explorer\SIGNUP\backup.exe" C:\Program Files (x86)\Internet Explorer\SIGNUP\
C:\Windows\assembly\GAC\stdole\backup.exe
C:\Windows\assembly\GAC\stdole\backup.exe C:\Windows\assembly\GAC\stdole\
C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\cs\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\
C:\Program Files (x86)\Microsoft Analysis Services\backup.exe
"C:\Program Files (x86)\Microsoft Analysis Services\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\
C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\data.exe
"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\data.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\
C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe
"C:\Program Files\VideoLAN\VLC\locale\cy\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\cy\
C:\Windows\assembly\GAC_32\backup.exe
C:\Windows\assembly\GAC_32\backup.exe C:\Windows\assembly\GAC_32\
C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe
"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\
C:\Program Files\VideoLAN\VLC\locale\da\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\da\backup.exe" C:\Program Files\VideoLAN\VLC\locale\da\
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe
"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\
C:\Windows\assembly\GAC_32\BDATunePIA\backup.exe
C:\Windows\assembly\GAC_32\BDATunePIA\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\data.exe
"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\data.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\
C:\Program Files\VideoLAN\VLC\locale\de\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\de\backup.exe" C:\Program Files\VideoLAN\VLC\locale\de\
C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe
"C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\backup.exe" C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\
C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe
C:\Windows\assembly\GAC_32\CustomMarshalers\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\
C:\Program Files (x86)\Microsoft Office\backup.exe
"C:\Program Files (x86)\Microsoft Office\backup.exe" C:\Program Files (x86)\Microsoft Office\
C:\Program Files\VideoLAN\VLC\locale\el\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\el\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft Office\CLIPART\update.exe
"C:\Program Files (x86)\Microsoft Office\CLIPART\update.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\
C:\Windows\assembly\GAC_32\ehexthost32\backup.exe
C:\Windows\assembly\GAC_32\ehexthost32\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\
C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\en_GB\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe
"C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\
C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\
C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\
C:\Program Files\VideoLAN\VLC\locale\eo\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\eo\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eo\
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe
"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\
C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exe
C:\Windows\assembly\GAC_32\ISymWrapper\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\
C:\Program Files\VideoLAN\VLC\locale\es\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\es\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es\
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe
C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\backup.exe C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\
C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe
"C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\backup.exe" C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\
C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\System Restore.exe
"C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\System Restore.exe" C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\
C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe
"C:\Program Files (x86)\Microsoft Office\Document Themes 14\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\
C:\Windows\assembly\GAC_32\mcstoredb\backup.exe
C:\Windows\assembly\GAC_32\mcstoredb\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\
C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\es_MX\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es_MX\
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe
"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\
C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\
C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe
C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\backup.exe C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\
C:\Program Files\VideoLAN\VLC\locale\et\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\et\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe
"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\backup.exe C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\
C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe
"C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\backup.exe" C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe
"C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\backup.exe" C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\
Network
Files
memory/2464-0-0x0000000000400000-0x0000000000415000-memory.dmp
memory/2464-7-0x0000000000810000-0x0000000000811000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\temp.zip
| MD5 | 76cdb2bad9582d23c1f6f4d868218d6c |
| SHA1 | b04f3ee8f5e43fa3b162981b50bb72fe1acabb33 |
| SHA256 | 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85 |
| SHA512 | 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f |
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\temp.zip
| MD5 | bb7ddc5a0e5bf2e8df7d604a6604aa5e |
| SHA1 | 6caf7ba1f25945149cbe8a3d68ed030663f79a30 |
| SHA256 | d9290983aaa1fcf0b58f7940de4ff93d717f2729d94e269f274ab1e54e938c89 |
| SHA512 | 99d2a0c874caf4c3914131f4f8e116cd1df2fb9afecc0cda7eba5657066655e2f1fa69613954d55bf3944f646d2233f4308d3083f71c5a91103ba0fa305cdd8e |
C:\backup.exe
| MD5 | bfe077ecdd6fce40a22d10f3fd893593 |
| SHA1 | 63427270f8261e1dd3a305c2bdb4b63f33276c10 |
| SHA256 | 8bcd26d7095cf4b638f89fab876695093bc13c1584e669b8f6b4cefbd91c7e08 |
| SHA512 | aac199e8c2d9367a88a9c0fbbd9f4d11d566d336d76cb335197bfecf7a861f0963230cca851627aaeb02ed3db75dd53d7077a90d0c2284eaa0acd3fc03622187 |
memory/2464-25-0x00000000026D0000-0x00000000026E5000-memory.dmp
\PerfLogs\backup.exe
| MD5 | 158488438e73a03cf9bba81a9e1e8cb2 |
| SHA1 | c6cf9b0de1620489dee8b2cdcbb8c1538f13beec |
| SHA256 | 8912d62f2a84bfd7388c9e22831cc1a6011f5239ea264b58a615db37d16b4ccd |
| SHA512 | 2737f3aac21fe355105f2273735e1bc32c16ff3b85beea9df278eb007309155a7b2add435e759f9acd5f447b2c1756bd9303bd58950db162936c81d76952d24d |
memory/2768-38-0x00000000002E0000-0x00000000002F5000-memory.dmp
\PerfLogs\Admin\backup.exe
| MD5 | 2d3ed7e323e33c9ec9690f52911e1ee9 |
| SHA1 | ad6244b0b3e7355567fb95eb360af8497700d226 |
| SHA256 | 8a597fb653719148aa5b85bc4834ca379255c6742d2deaba09065fabe6410a3d |
| SHA512 | 2a5d56f75fc13c4fae900744d8867f39cbbe8e52a989054498051a841b2ac36a5b28fa68d5b0a3c6fb20110c14efd91297eff00d37441d101319d5dad5709bdc |
memory/1448-50-0x0000000000320000-0x0000000000335000-memory.dmp
memory/1448-51-0x0000000000320000-0x0000000000335000-memory.dmp
memory/2464-57-0x0000000000810000-0x0000000000811000-memory.dmp
memory/1448-55-0x0000000000400000-0x0000000000415000-memory.dmp
memory/2664-65-0x0000000000400000-0x0000000000415000-memory.dmp
memory/2768-64-0x00000000002E0000-0x00000000002F5000-memory.dmp
memory/2664-77-0x0000000000360000-0x0000000000375000-memory.dmp
memory/2664-78-0x0000000000360000-0x0000000000375000-memory.dmp
\Program Files\7-Zip\Lang\backup.exe
| MD5 | 1a57298688d6ad84163fecabd3f9f485 |
| SHA1 | 5c8ac12f2a43a098c947fa00633992a31e4744fe |
| SHA256 | d45402b218ffe4a721045a8b3aea1159b4040e9b5dbfcd832f5a928e367d2f69 |
| SHA512 | 2bf0824bb8caa3f40214d74a1b7a16a4fe60f53ef8ad0b2e2bbf7a762d8dbe44154a52e9d221dedfab50838c7340a0495659dab14d5b8fdb5aac682ce71cd778 |
memory/2224-89-0x0000000001D70000-0x0000000001D85000-memory.dmp
memory/1572-94-0x0000000000400000-0x0000000000415000-memory.dmp
memory/2664-103-0x0000000000360000-0x0000000000375000-memory.dmp
memory/2224-97-0x0000000000400000-0x0000000000415000-memory.dmp
memory/1720-115-0x0000000000390000-0x00000000003A5000-memory.dmp
\Program Files\Common Files\Microsoft Shared\Filters\backup.exe
| MD5 | 93395f1c6eae43b99875552478fae56e |
| SHA1 | 44b93938ec9b3440081d428737ed5f507e6e9f41 |
| SHA256 | ffdf67d439e9f3a37c420c8c22cc0d46dfce7fb9372720a5a8fdaa7d6960eb66 |
| SHA512 | 72545398191df41d43428215a0384e5b1dcfdbb57f9b355738dcccf57e07dc63823d02158d2ddf3f7eb4017382dcae33768ecf747d919e92a8de0e2a893714ba |
memory/1960-128-0x0000000000310000-0x0000000000325000-memory.dmp
memory/1960-127-0x0000000000310000-0x0000000000325000-memory.dmp
\Program Files\Common Files\Microsoft Shared\ink\backup.exe
| MD5 | 18138b51bfcfb611986515843b84339a |
| SHA1 | 3248b6951789f79348913cd3e5f1dff4c3da5cef |
| SHA256 | 5c0be8f1318b70bc01c71be24928d69c59420aad7846b30e4d73646acf59c1e5 |
| SHA512 | 5262799167b693bcb8b4558844d23225d97b1a3ad8b475ba1da94f3384b148cb2f06583cdaf4fb770d83656874ea919aed8fb62b9cc01347237ee95db1402621 |
memory/1960-140-0x0000000000310000-0x0000000000325000-memory.dmp
memory/2984-133-0x0000000000400000-0x0000000000415000-memory.dmp
\Program Files\Common Files\Microsoft Shared\ink\ar-SA\backup.exe
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects MyDoom family
MyDoom
Mydoom family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\services.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" | C:\Windows\services.exe | N/A |
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| File created | C:\Windows\java.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| File created | C:\Windows\services.exe | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\services.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 2344 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe | C:\Windows\services.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\Flyagent.exe"
C:\Windows\services.exe
"C:\Windows\services.exe"
Network
Files
C:\Windows\services.exe
C:\Users\Admin\AppData\Local\Temp\zincite.log
C:\Users\Admin\AppData\Local\Temp\tmp9DAD.tmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PTWQX4L2\search[1].htm
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-16 22:34
Reported
2024-11-16 22:37
Platform
win7-20240903-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 352 wrote to memory of 2024 | N/A | C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe | C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe
"C:\Users\Admin\AppData\Local\Temp\17-10-2024 #20\MulDrop.exe"
C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe
C:\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe /sfxv:3.1
Network
Files
\Users\Admin\AppData\Local\Temp\sfx1\_bbg.exe
\??\c:\Users\Admin\AppData\Local\Temp\sfx1\BB40eng.dix
\??\c:\Users\Admin\AppData\Local\Temp\sfx1\tex_def.jpg
\??\c:\users\admin\appdata\local\temp\sfx1\bbgift.puz