description	ioc	process
File opened for modification	\??\c:\program files\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\dataservices\DESKTOP.INI	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\f:\$recycle.bin\s-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\$recycle.bin\s-1-5-21-1815711207-1844170477-3539718864-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

description	ioc	process
File opened for modification	\??\c:\program files\dotnet\shared\microsoft.netcore.app\6.0.25\msquic.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\pack200.exe	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\dataservices\DESKTOP.INI	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\library\analysis\PROCDB.XLAM	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\add-account\css\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk-1.8\jre\bin\npt.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\ProfessionalR_Retail-ppd.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\bibliography\sort\YEAR.XSL	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\water\PREVIEW.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\dotnet\shared\microsoft.netcore.app\8.0.0\System.Collections.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\locale\or\lc_messages\vlc.mo	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\stream_filter\libcache_read_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\mozilla firefox\uninstall\uninstall.log	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\s_anonymoususer_18.svg	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\clicktorun\AppVClient.man	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\1033\ONENOTE_F_COL.HXK	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\Microsoft.Spatial.NetFX35.V7.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\fpa_f3\FA000000003	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\wordvisi.ttf	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\papyrus\PREVIEW.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\localized_images\fr-fr\PlayStore_icon.svg	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\PresentationFramework.Royale.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\RegisterLimit.dxf	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\vlc-cache-gen.exe	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-files\js\nls\nb-no\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\vsto\vstoee.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\System.IO.Log.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\dotnet\shared\microsoft.netcore.app\6.0.25\clrjit.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\dotnet\shared\microsoft.netcore.app\8.0.0\System.Xml.XPath.XDocument.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk-1.8\bin\tnameserv.exe	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\cartridges\sybase.xsl	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\slate\PREVIEW.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\aicuc\js\nls\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Dark.pdf	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\videolan\vlc\locale\da\lc_messages\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\generic-rhp-app\js\nls\fi-fi\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-recent-files\js\nls\sl-si\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\system\ado\it-it\msader15.dll.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\locale\af\lc_messages\vlc.mo	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\plug_ins\DropboxStorage.api	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\tracker\forms_received.gif	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\ccloud.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover_2x.png	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\ob-preview\js\nls\it-it\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad.xml	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\google\chrome\application\106.0.5249.119\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\microsoft office\root\office16\odbc drivers\salesforce\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.5\es\System.Data.Entity.Design.Resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected]	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected]	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\140\dbghelp.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\dialogs\error_window.html	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\view.html	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft office\root\office16\addins\powerpivot excel add-in\sqmapi.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\uninstall information\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\app\dev\nls\fr-ma\ui-strings.js	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads