| description | ioc | process |
|---|
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-30_altform-lightunplated.png | sample.exe |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\WindowsBase.resources.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-BOLD.TTF | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vreg\proof.fr-fr.msi.16.fr-fr.vreg.dat | sample.exe |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll | sample.exe |
| File created | \??\c:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\PREVIEW.GIF | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL | sample.exe |
| File opened for modification | \??\c:\Program Files\Java\jre-1.8\bin\jp2iexp.dll | sample.exe |
| File created | \??\c:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.scale-125_contrast-white.png | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-400.png | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\NamedUrls.HxK | sample.exe |
| File opened for modification | \??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\WelcomeDialogContent.json | sample.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-150_contrast-black.png | sample.exe |
| File created | \??\c:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | sample.exe |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll | sample.exe |
| File created | \??\c:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreLargeTile.scale-100.png | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_contrast-white.png | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-30_contrast-white.png | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-100_contrast-white.png | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100_contrast-black.png | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\clrcompression.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\ky.txt | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms | sample.exe |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-125.png | sample.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\29.jpg | sample.exe |
| File opened for modification | \??\c:\Program Files\RepairOptimize.lnk | sample.exe |
| File created | \??\c:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | sample.exe |
| File created | \??\c:\Program Files\dotnet\host\fxr\6.0.25\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms | sample.exe |
| File created | \??\c:\Program Files\VideoLAN\VLC\plugins\text_renderer\how_to_decrypt.hta | sample.exe |
| File opened for modification | \??\c:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png | sample.exe |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms | sample.exe |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML | sample.exe |
