| description | ioc | process |
|---|
| File opened for modification | C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wow_helper.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrotextextractor.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logtransport2.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reader_sl.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe$ | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\PrintDialog\PrintDialog.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WsatConfig\v4.0_4.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File created | C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | 3c023fe3610175309e314dce46858a49_JaffaCakes118.exe |
