| description | ioc | process |
|---|
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Client\concrt140.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\dbghelp.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Staging.DATA | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\vi_get.svg | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail2x.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\SearchEmail2x.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-ae\ui-strings.js | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\sunmscapi.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\SystemX86\mfcm140u.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons2x.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files\VideoLAN\VLC\plugins\d3d11\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\bs.pak | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\System\msadc\msadcor.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office15\pidgenx.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.181.5\MicrosoftEdgeUpdateSetup_X86_1.3.181.5.exe | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ar-SA\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\README.html | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_XPS.DLL | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\ui-strings.js | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\how_to_decrypt.hta | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe |
