description	ioc	process
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\libraries\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\videos\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\searches\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\downloads\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\stationery\Desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\desktop\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\downloads\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\favorites\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\stationery\Desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\contacts\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\desktop\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\onedrive\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\videos\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\f:\$recycle.bin\s-1-5-21-721438792-2341338383-2410509276-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\$recycle.bin\s-1-5-21-721438792-2341338383-2410509276-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\dataservices\DESKTOP.INI	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\accountpictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\music\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\pictures\camera roll\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\documents\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\favorites\links\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\saved games\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\music\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\links\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\pictures\saved pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\documents\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

description	ioc	process
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\reviews\js\nls\hu-hu\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\ink\penchs.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fr-fr\mip.exe.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\officeinventoryagentlogon.xml	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\de\PresentationBuildTasks.resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\A12_Spinner.gif	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\activity-badge\js\nls\hu-hu\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\nl-nl\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\ProPlus2019R_Trial2-pl.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\fr\PresentationBuildTasks.resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\codec\liblpcm_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\reviews\js\nls\zh-cn\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\packagemanifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\WordR_Grace-ppd.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\logoimages\ExcelLogo.contrast-white_scale-80.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\OUTLFLTR.DLL	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\desktop-connector-files\js\nls\ja-jp\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-computer-select\css\main-selector.css	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\offsymk.ttf	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\logoimages\PowerPntLogoSmall.contrast-black_scale-100.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\tmtransactions_xl.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\Mso20win32client.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\mozilla firefox\updater.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\common files\microsoft shared\stationery\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\Microsoft.Data.ConnectionUI.Dialog.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vreg\powerpointmui.msi.16.en-us.vreg.dat	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\s_gridview_selected-hover.svg	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\system\msadc\es-es\msaddsr.dll.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk-1.8\jre\legal\jdk\unicode.md	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk-1.8\jre\lib\deploy\[email protected]	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\s_sortedby_up_selected_18.svg	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ja-jp\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\scan-files\js\nls\en-ae\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\Word2019VL_MAK_AE-pl.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\demux\libdemuxdump_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\Microsoft.Vbe.Interop.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\s_filterselected-dark-focus_32.svg	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us.gif	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\access\libsmb_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\system\msadc\msdaremr.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\sdxs\fa000000018\cardview\lib\native-common\assets\[email protected]	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected]	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\1033\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\locale\sk\lc_messages\vlc.mo	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\dialogs\stream_window.html	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\scan-files\js\nls\en-gb\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\pl-pl\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\uss-search\js\nls\ja-jp\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\internet explorer\IEShims.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\RTC.DLL	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\systemx86\vcruntime140.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\sample-files\js\nls\nb-no\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\common appdata\microsoft help\MS.ONENOTE.16.1033.hxn	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\network\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\system\msadc\es-es\msdaremr.dll.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\google\chrome\application\106.0.5249.119\locales\ja.pak	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk-1.8\legal\javafx\jpeg_fx.md	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\MondoR_SubTest-pl.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads