Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WINDOWSDEFENDER' = '%APPDATA%\WindowsDefender\{846ee340-7039-11de-9d20-806e6f6e6963}\1195700.exe'
- iexplore.exe
- %APPDATA%\windowsdefender\{846ee340-7039-11de-9d20-806e6f6e6963}\1195700.exe
- %APPDATA%\windowsdefender\{846ee340-7039-11de-9d20-806e6f6e6963}\vromm.exe
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%APPDATA%\windowsdefender\{846ee340-7039-11de-9d20-806e6f6e6963}\1195700.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'