| description | ioc | process |
|---|
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\bbbbd997a1621cf1e739f922fe653459\Accessibility.ni.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\x86_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_he-il_d3a012aba7980adc_comdlg32.dll.mui_ac8e62f4 | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\FileMaps\$$_system32_ime_imekr8_dicts_4b36d5aba5194cae.cdf-ms | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_6.1.7601.17514_none_9757fd443892abe7\metadata.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e\office_32.bin | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_6.1.7600.16385_none_70644a8bdb0d9303_app857.fon_e51c02f4 | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..oyment-languagepack_31bf3856ad364e35_7.1.7601.16492_zh-cn_d19f8e0194d8706a.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\webAdmin.master | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources\default.aspx.resx | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\servicing\Packages\Package_1_for_KB2872035~31bf3856ad364e35~amd64~~6.1.1.0.mum | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\servicing\Packages\Server-Help-Package.ClientUltimate~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_netrtx64.inf_31bf3856ad364e35_6.1.7600.16385_none_aa7bee9a02fd3a89.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\gadget.xml | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\x86_microsoft-windows-i..converter.resources_31bf3856ad364e35_8.0.7600.16385_en-us_659f28693168f6d9.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-m..ents-mdac-oledb-jvs_31bf3856ad364e35_6.1.7600.16385_none_f4451c405d22eaee\oledbjvs.inc | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d682417a74f73fad.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17514_none_6bf52decfe850b3d.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\x86_microsoft-windows-accessibilitycpl_31bf3856ad364e35_6.1.7601.17514_none_5b652abeb21da986.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-m..ntationsettings-adm_31bf3856ad364e35_6.1.7600.16385_none_beb16d1f6f065720\MobilePCPresentationSettings.admx | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_6.1.7601.17514_he-il_f7a58af1e8c52611\tipresx.dll.mui | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_prnin003.inf_31bf3856ad364e35_6.1.7600.16385_none_11a5503ce5abb7ec\Amd64\IF60006.GPD | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_6.1.7600.16385_none_59590e92c817a4e0_vga866.fon_08f91131 | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_prnhp003.inf_31bf3856ad364e35_6.1.7600.16385_none_2fd781a76c9dcc13\Amd64\hpoa820t.gpd | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\servicing\Packages\Package_for_KB4019990_RTM~31bf3856ad364e35~amd64~~6.1.1.2.mum | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_6.1.7600.16385_none_5e9e78a6dd413413\sapisvr.exe | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7600.16385_none_e52725ef75e1ac75.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-n..essprotection-agent_31bf3856ad364e35_6.1.7601.17514_none_6f12e4df3881433f.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-uianimation.resources_31bf3856ad364e35_7.1.7601.16492_en-us_26c646437cfad63b\UIAnimation.dll.mui | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\x86_microsoft-windows-netutils_31bf3856ad364e35_6.1.7601.17514_none_3220778aa85afd05.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-m..xe-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b98d9b84461de76\msinfo32.exe.mui | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\drvstore.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\wow64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7601.17514_none_da00ad1949e715ad_perfhost.exe_df3332ad | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_win7-microsoft-wind..oyment-languagepack_31bf3856ad364e35_7.1.7601.16492_hu-hu_71ce306e4cce182c.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Catalogs\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-i..-wow64-setupdll0012_31bf3856ad364e35_6.1.7600.16385_none_4a948a3cc9a258d5.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\x86_microsoft-windows-m..codepage-translator_31bf3856ad364e35_6.1.7600.16385_none_9f1126b3087c2a1e.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Http.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-ciphersuiteorder-adm_31bf3856ad364e35_6.1.7600.16385_none_5094a717453be501\CipherSuiteOrder.admx | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\amd64_microsoft-windows-mprmsg_31bf3856ad364e35_6.1.7600.16385_none_6f82e5f16d1409ef_mprmsg.dll_6fff912a | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Catalogs\0912a4aa2c0469dcf1aaedcd5b3ecfd0a0da1ccb806570a23bb8d1f098333410.cat | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..aceruntimeproxystub_31bf3856ad364e35_6.1.7600.16385_none_752bb27b7805f09f.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\msil_microsoft.vsa_b03f5f7f11d50a3a_6.1.7600.16385_none_3cd6766af66d6f0e\Microsoft.Vsa.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.1.7601.17514_nl-nl_02354b58460a7e0e\msimsg.dll.mui | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\SampleRes.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-winocr-ocrengines_31bf3856ad364e35_6.1.7600.16385_none_ff3a08834cc21b39\danish.lng | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ea7c6d7b127d845f.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..oyment-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_9679a34217f441ab.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-i..l-keyboard-00040409_31bf3856ad364e35_6.1.7600.16385_none_dd9109d87a461b48.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\diagnostics\system\Printer\TS_NoPrinterInstalled.ps1 | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-msf_31bf3856ad364e35_6.1.7600.16385_none_04782099750e6ed7\WinSync.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft.powershell.dsc_31bf3856ad364e35_7.2.7601.16406_none_fd6b01d489239060\PSDesiredStateConfiguration.psm1 | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-msf.resources_31bf3856ad364e35_6.1.7601.17514_en-us_810c155fd815ebfc\WinSync.rll.mui | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.17514_none_2fd7b56967fc5c76_osknumpadbase.xml_7f05a37a | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_prnbr005.inf_31bf3856ad364e35_6.1.7600.16385_none_4b6471420f8b03d9\Amd64\BRMF549C.GPD | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Backup\amd64_microsoft-windows-winbio.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f7cfb58904f20330.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_monitor.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aaddae437320dd38.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_a0a25363eee12f40.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\amd64_microsoft-windows-dxptasks-ringtone_31bf3856ad364e35_6.1.7601.17514_none_0cb2f60328a1fa24\DXPTaskRingtone.dll | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
| File opened for modification | C:\Windows\winsxs\Manifests\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f.manifest | 95a0cdecb7f933ee8768acf2c04718c3d02c10d10e580bd85786252c1091706e.exe |
