| description | ioc | process |
|---|
| File opened for modification | \??\c:\program files\dotnet\shared\microsoft.netcore.app\6.0.25\msquic.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\java\jre-1.8\bin\pack200.exe | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\1033\dataservices\DESKTOP.INI | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\library\analysis\PROCDB.XLAM | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\css\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\java\jdk-1.8\jre\bin\npt.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\licenses16\ProfessionalR_Retail-ppd.xrm-ms | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\bibliography\sort\YEAR.XSL | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\water\PREVIEW.GIF | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\dotnet\shared\microsoft.netcore.app\8.0.0\System.Collections.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\locale\or\lc_messages\vlc.mo | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\plugins\stream_filter\libcache_read_plugin.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\mozilla firefox\uninstall\uninstall.log | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\s_anonymoususer_18.svg | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\common files\microsoft shared\clicktorun\AppVClient.man | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\1033\ONENOTE_F_COL.HXK | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\Microsoft.Spatial.NetFX35.V7.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\fpa_f3\FA000000003 | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\wordvisi.ttf | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\papyrus\PREVIEW.GIF | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\fr-fr\PlayStore_icon.svg | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\common files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\reference assemblies\microsoft\framework\v3.0\PresentationFramework.Royale.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\RegisterLimit.dxf | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\vlc-cache-gen.exe | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-files\js\nls\nb-no\ui-strings.js | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\common files\microsoft shared\vsto\vstoee.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\reference assemblies\microsoft\framework\v3.0\System.IO.Log.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\dotnet\shared\microsoft.netcore.app\6.0.25\clrjit.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\dotnet\shared\microsoft.netcore.app\8.0.0\System.Xml.XPath.XDocument.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\java\jdk-1.8\bin\tnameserv.exe | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\cartridges\sybase.xsl | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\slate\PREVIEW.GIF | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\nls\ui-strings.js | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files\videolan\vlc\locale\da\lc_messages\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\js\nls\fi-fi\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-recent-files\js\nls\sl-si\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\common files\system\ado\it-it\msader15.dll.mui | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\locale\af\lc_messages\vlc.mo | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\plug_ins\DropboxStorage.api | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\tracker\forms_received.gif | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\ccloud.png | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover_2x.png | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\js\nls\it-it\ui-strings.js | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad.xml | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files\google\chrome\application\106.0.5249.119\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files\microsoft office\root\office16\odbc drivers\salesforce\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\reference assemblies\microsoft\framework\v3.5\es\System.Data.Entity.Design.Resources.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected] | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected] | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\140\dbghelp.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\lua\http\dialogs\error_window.html | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\videolan\vlc\lua\http\view.html | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\microsoft office\root\office16\addins\powerpivot excel add-in\sqmapi.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File created | \??\c:\program files\uninstall information\how_to_decrypt.hta | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\app\dev\nls\fr-ma\ui-strings.js | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
| File opened for modification | \??\c:\program files\java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll | f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe |
