| description | ioc | process |
|---|
| File opened for modification | C:\Windows\Cursors\aero_ew_l.cur | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\debug\PASSWD.LOG | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\system.workflow.runtime.resources\3.0.0.0_de_31bf3856ad364e35\System.Workflow.Runtime.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3e357e76593a8cc5346dc0431f4cdaa9\PresentationCFFRasterizer.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\Boot\Fonts\jpn_boot.ttf | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3bfcfe12488f0a2285f5f08274cbc13f\UIAutomationProvider.ni.dll.aux | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\AERO\fr-FR\CL_LocalizationData.psd1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\2.0.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.Reporting.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.Configuration.Install.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\system.workflow.componentmodel.resources\3.0.0.0_de_31bf3856ad364e35\System.Workflow.ComponentModel.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\56ccdabce54219b23bc4b6477d98b45c\System.Data.DataSetExtensions.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Networking\en-US\LocalizationData.psd1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Audio\TS_LowVolume.ps1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\ehome\de-DE\ehmsas.exe.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\ehome\mcepg.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\UIAutomationProvider.resources\3.0.0.0_fr_31bf3856ad364e35\UIAutomationProvider.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\0261a298f938ba71a7aab6f91dad326d\Microsoft.GroupPolicy.Reporting.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\5fc5747c2c5a8c9903788db8973ea28a\System.Web.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\Boot\PCAT\de-DE\memtest.exe.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\PCW\en-US\DiagPackage.dll.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Performance\TS_PowerMode.ps1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\8d64f031cf429f4ce79642e8be267d2d\Microsoft.Build.Conversion.v3.5.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data86569bbf#\98a4068512ff6a2566204bc1e759b0be\System.Data.OracleClient.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\fd6b42e0bdca1f3ed4dfde2639e39004\System.Xaml.Hosting.ni.dll.aux | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\29e00d9446b0496db6e145d3bdfc365a\System.Configuration.Install.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\dee98e5b0e1a766ada50708c26bad1aa\System.ComponentModel.Composition.ni.dll.aux | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Wind412bbddf#\418ff63c16dbcd3fe88f72c485129eea\System.Windows.Controls.Ribbon.ni.dll.aux | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\Boot\EFI\pt-BR\bootmgfw.efi.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Device\ja-JP\CL_LocalizationData.psd1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_ja_31bf3856ad364e35\WindowsBase.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\a6155c70b3df6c860303ffee7b560ade\System.EnterpriseServices.Wrapper.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5ac17cc5b92efda83e2925857f4fa655\System.Numerics.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt93d54979#\da2c6b516aa1681ed943b187b9c36c05\System.Runtime.DurableInstancing.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\a9f43923aab0d83b93cbf10ac1dfd0b5\Microsoft.MediaCenter.iTv.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\dee98e5b0e1a766ada50708c26bad1aa\System.ComponentModel.Composition.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Ente96d83b35#\bcab827b24e870428fcdda58e1ebec20\System.EnterpriseServices.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Audio\RS_EnableInCPL.ps1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_it_b77a5c561934e089\System.Data.Services.Design.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.resources\2.0.0.0_ja_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\678932d0c6c5ff6417c634eea99931f0\CustomMarshalers.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Performance\fr-FR\CL_LocalizationData.psd1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.AddI3d71a354#\e9b555ea0ea297aaf786f05eefd6e5a9\System.AddIn.Contract.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.9c7998a9#\ab42fe6c2d968bf5eef442b19382be06\System.Web.DynamicData.Design.ni.dll.aux | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\Boot\EFI\zh-CN\bootmgr.efi.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_fr_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.EnterpriseServices.resources\2.0.0.0_ja_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\154860df057d588035a8c66a65ea31e7\Microsoft.MediaCenter.Interop.ni.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\scheduled\Maintenance\RS_AdminDiagnosticHistory.ps1 | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\diagnostics\system\Networking\es-ES\DiagPackage.dll.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.resources\2.0.0.0_es_b03f5f7f11d50a3a\Microsoft.Build.Tasks.resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_it_b03f5f7f11d50a3a\System.IO.Log.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Resources.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\Boot\PCAT\zh-TW\bootmgr.exe.mui | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll | 6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe |
