description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\001B25EFC4A2115F1D37D22ABFFEB099 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe"	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\0F822B87ADB1535E28D1CF9F297E0E02 = "c:\\users\\admin\\appdata\\local\\temp\\how_to_decrypt.hta"	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

description	ioc	process
File opened for modification	\??\c:\users\public\libraries\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\music\sample music\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\pictures\sample pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\documents\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\local\microsoft\feeds cache\2c0uxhxx\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\desktop\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\videos\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\downloads\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\spidersolitaire\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\music\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\music\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\recorded tv\sample media\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\stationery\Desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\local\microsoft\feeds cache\o0n2l68z\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\contacts\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\hearts\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\dataservices\DESKTOP.INI	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\local\microsoft\feeds cache\zzbgi5of\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\downloads\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\saved games\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\desktop\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\documents\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\solitaire\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\freecell\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\purble place\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\local\microsoft\feeds cache\d2nlq5qt\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\local\microsoft\feeds cache\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\favorites\links for united states\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\pictures\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\recorded tv\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\stationery\Desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\videos\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\public\videos\sample videos\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\f:\$recycle.bin\s-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\chess\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\mahjong\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\favorites\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\favorites\links\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\links\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\users\admin\searches\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\$recycle.bin\s-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

description	ioc	process
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\common files\system\ole db\es-es\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\common files\system\ado\ja-jp\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\system\msadc\adcvbs.inc	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jre7\lib\zi\america\Havana	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\mozilla firefox\crashreporter.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\media\office14\bullets\BD10297_.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\OUTLPERF.H	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\microsoft office\office14\borders\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\pubwiz\STORYBB.POC	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\dvd maker\offset.ax	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\org-netbeans-core-output2.xml_hidden	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\org-netbeans-lib-uihandler.xml_hidden	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jre7\lib\currency.data	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jre7\lib\zi\africa\Abidjan	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\gui\libskins2_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\zi\africa\Ndjamena	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\plug_ins3d\tesselate.x3d	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\cmap\Identity-V	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe\updater6\AdobeUpdater.cer	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\HH00524_.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\media\EXPLODE.WAV	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\themes14\slate\PREVIEW.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\jvm.lib	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\bin\msvcr100.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\OIS_K_COL.HXK	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\bin\javacpl.exe	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\microsoft games\minesweeper\es-es\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\codec\libaom_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\DD01168_.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\SY00170_.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\J0099189.JPG	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\PE00578_.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\media\cagcat10\J0297551.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\pubspapr\PDIR35B.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\GROOVE_COL.HXC	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\FormsFormTemplate.html	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\system\ado\msadomd.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\java\jdk1.7.0_80\db\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\microsoft games\chess\desktop.ini	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.5\es\System.Data.Services.resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\videolan\vlc\plugins\packetizer\libpacketizer_flac_plugin.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\translat\esen\MSB1ESEN.ITS	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\ja-jp\InkObj.dll.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\J0285462.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\es\System.Xml.Linq.Resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.5\it\System.Data.Services.resources.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\videolan\vlc\locale\bg\lc_messages\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files (x86)\common files\microsoft shared\themes14\eclipse\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\pubspapr\PDIR32B.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\americana\TAB_OFF.GIF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\1033\pubspapr\PAPERS.INI	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\PPTIRM.XML	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\es-es\rtscom.dll.mui	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\hwresmlm.dat	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File created	\??\c:\program files\common files\system\ole db\how_to_decrypt.hta	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\PresentationCore.dll	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\clipart\pub60cor\J0105376.WMF	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe

description	pid	process	target process
PID 2124 wrote to memory of 8384	2124	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe	mshta.exe
PID 2124 wrote to memory of 8384	2124	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe	mshta.exe
PID 2124 wrote to memory of 8384	2124	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe	mshta.exe
PID 2124 wrote to memory of 8384	2124	f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe	mshta.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads