| description | ioc | process |
|---|
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OneConnectAppList.targetsize-80.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\HowToPlay\Spider\Tips_5.jpg | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\OneConnectWideTile.scale-125.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\new_icons.png.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.Diagram.Resources.dll.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner_mini.gif | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\LargeTile.scale-200.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\sqloledb.dll | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\THMBNAIL.PNG.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\lib\fonts\LucidaSansDemiBold.ttf.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\lc_16x11.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp120.dll.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-24.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\LAYERS.INF.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\profile.jfc.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons_retina.png.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\li_60x42.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_up_hover_18.svg | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\ui-strings.js.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-200.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-150_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-150_contrast-black.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\2px.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\starttile.dualsim1.wink.scale-150.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Jumbo\mask\12d.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Jumbo\mask\12s.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\WorldClockWideTile.scale-200.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\eu-es\ui-strings.js.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-32_altform-unplated.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-down.gif.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\editpdf-selector.js.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ui-strings.js.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-100.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\ThemePreview\Effects\sakura.png | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ui-strings.js.id-C99AD10A.[[email protected]].NET | a91157219713de5c5e716be9a4e8196e24a822cbb3367fb28887d9460bf90d30.exe |
