Analysis
-
max time kernel
36s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
18-04-2024 00:16
Static task
static1
Behavioral task
behavioral1
Sample
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe
-
Size
305KB
-
MD5
f6e2893312dc8bb664c183fcc93990bb
-
SHA1
72c03600b7fcab33db83644153a9376f6aae5914
-
SHA256
369e794e05e0d7c9bba6dde5009848087a2cd5e8bf77583d391e0e51d21a52cd
-
SHA512
dbe72bd9d0851176e20091842b1505e650034ce4b1a98dfc13d09cbb92cc45a8db67418ff7db88a4a5451363c74189bf86efe227ec52b6901e1b188bae07baf0
-
SSDEEP
6144:qrPvxOIE9jeOn3jEapL6wAOGNGE81/2I/TYtCC:qbvx+9jZoDwmGRuIhC
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe -
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VLC Media Player = "C:\\Users\\Admin\\AppData\\Local\\VLC Media Player.exe" reg.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.execmd.exef6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exedescription pid process target process PID 4912 wrote to memory of 4892 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4912 wrote to memory of 4892 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4912 wrote to memory of 4892 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4912 wrote to memory of 5096 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4912 wrote to memory of 5096 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4912 wrote to memory of 5096 4912 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4892 wrote to memory of 1344 4892 cmd.exe reg.exe PID 4892 wrote to memory of 1344 4892 cmd.exe reg.exe PID 4892 wrote to memory of 1344 4892 cmd.exe reg.exe PID 5096 wrote to memory of 4328 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5096 wrote to memory of 4328 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5096 wrote to memory of 4328 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5096 wrote to memory of 3956 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 5096 wrote to memory of 3956 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 5096 wrote to memory of 3956 5096 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4328 wrote to memory of 672 4328 cmd.exe reg.exe PID 4328 wrote to memory of 672 4328 cmd.exe reg.exe PID 4328 wrote to memory of 672 4328 cmd.exe reg.exe PID 3956 wrote to memory of 4588 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3956 wrote to memory of 4588 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3956 wrote to memory of 4588 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3956 wrote to memory of 5108 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 3956 wrote to memory of 5108 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 3956 wrote to memory of 5108 3956 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4588 wrote to memory of 8 4588 cmd.exe reg.exe PID 4588 wrote to memory of 8 4588 cmd.exe reg.exe PID 4588 wrote to memory of 8 4588 cmd.exe reg.exe PID 5108 wrote to memory of 3032 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5108 wrote to memory of 3032 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5108 wrote to memory of 3032 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 5108 wrote to memory of 4476 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 5108 wrote to memory of 4476 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 5108 wrote to memory of 4476 5108 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 3032 wrote to memory of 3952 3032 cmd.exe reg.exe PID 3032 wrote to memory of 3952 3032 cmd.exe reg.exe PID 3032 wrote to memory of 3952 3032 cmd.exe reg.exe PID 4476 wrote to memory of 2268 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4476 wrote to memory of 2268 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4476 wrote to memory of 2268 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4476 wrote to memory of 3708 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4476 wrote to memory of 3708 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4476 wrote to memory of 3708 4476 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 2268 wrote to memory of 2144 2268 cmd.exe reg.exe PID 2268 wrote to memory of 2144 2268 cmd.exe reg.exe PID 2268 wrote to memory of 2144 2268 cmd.exe reg.exe PID 3708 wrote to memory of 860 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3708 wrote to memory of 860 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3708 wrote to memory of 860 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 3708 wrote to memory of 4364 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 3708 wrote to memory of 4364 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 3708 wrote to memory of 4364 3708 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 860 wrote to memory of 5048 860 cmd.exe reg.exe PID 860 wrote to memory of 5048 860 cmd.exe reg.exe PID 860 wrote to memory of 5048 860 cmd.exe reg.exe PID 4364 wrote to memory of 4812 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4364 wrote to memory of 4812 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4364 wrote to memory of 4812 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe PID 4364 wrote to memory of 3584 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4364 wrote to memory of 3584 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4364 wrote to memory of 3584 4364 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe PID 4812 wrote to memory of 1652 4812 cmd.exe reg.exe PID 4812 wrote to memory of 1652 4812 cmd.exe reg.exe PID 4812 wrote to memory of 1652 4812 cmd.exe reg.exe PID 3584 wrote to memory of 1968 3584 f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4912 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:4892 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"3⤵PID:1344
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:5096 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"3⤵
- Suspicious use of WriteProcessMemory
PID:4328 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"4⤵
- Adds Run key to start application
PID:672 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"3⤵
- Suspicious use of WriteProcessMemory
PID:3956 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"4⤵
- Suspicious use of WriteProcessMemory
PID:4588 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"5⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"4⤵
- Suspicious use of WriteProcessMemory
PID:5108 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"5⤵
- Suspicious use of WriteProcessMemory
PID:3032 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"6⤵
- Adds Run key to start application
PID:3952 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4476 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"6⤵
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"7⤵PID:2144
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"6⤵
- Suspicious use of WriteProcessMemory
PID:3708 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"7⤵
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"8⤵PID:5048
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"7⤵
- Suspicious use of WriteProcessMemory
PID:4364 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"8⤵
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"9⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"8⤵
- Suspicious use of WriteProcessMemory
PID:3584 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"9⤵PID:1968
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"10⤵PID:3360
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"9⤵PID:4136
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"10⤵PID:2848
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"11⤵
- Adds Run key to start application
PID:3764 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"10⤵PID:2476
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"11⤵PID:644
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"12⤵
- Adds Run key to start application
PID:4944 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"11⤵PID:684
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"12⤵PID:1852
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"13⤵
- Adds Run key to start application
PID:1896 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"12⤵
- Checks computer location settings
PID:1444 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"13⤵PID:4864
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"14⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"13⤵PID:736
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"14⤵PID:4468
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"15⤵PID:4940
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"14⤵
- Checks computer location settings
PID:2180 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"15⤵PID:3272
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"16⤵PID:1228
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"15⤵
- Checks computer location settings
PID:800 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"16⤵PID:4044
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"17⤵
- Adds Run key to start application
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"16⤵
- Checks computer location settings
PID:4104 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"17⤵PID:3692
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"18⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"17⤵
- Checks computer location settings
PID:1832 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"18⤵PID:2972
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"19⤵PID:3544
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"18⤵PID:3120
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"19⤵PID:3908
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"20⤵PID:4436
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"19⤵PID:3096
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"20⤵PID:1820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"21⤵
- Adds Run key to start application
PID:2848 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"20⤵
- Checks computer location settings
PID:1796 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"21⤵PID:4768
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"22⤵
- Adds Run key to start application
PID:1804 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"21⤵
- Checks computer location settings
PID:4944 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"22⤵PID:4504
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"23⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"22⤵PID:4820
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"23⤵PID:4548
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"24⤵
- Adds Run key to start application
PID:4072 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"23⤵
- Checks computer location settings
PID:1468 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"24⤵PID:4940
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"25⤵
- Adds Run key to start application
PID:2212 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"24⤵
- Checks computer location settings
PID:1764 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"25⤵PID:760
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"26⤵PID:3032
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"25⤵PID:556
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"26⤵PID:2868
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"27⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"26⤵PID:2844
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"27⤵PID:2720
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"28⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"27⤵
- Checks computer location settings
PID:4284 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"28⤵PID:3956
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"29⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"28⤵PID:404
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"29⤵PID:3304
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"30⤵
- Adds Run key to start application
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"29⤵PID:3256
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"30⤵PID:1436
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"31⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"30⤵PID:4136
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"31⤵PID:4256
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"32⤵PID:4944
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"31⤵PID:4768
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"32⤵PID:1344
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"33⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"32⤵
- Checks computer location settings
PID:840 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"33⤵PID:5092
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"34⤵
- Adds Run key to start application
PID:1468 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"33⤵PID:2264
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"34⤵PID:4468
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"35⤵PID:3296
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"34⤵
- Checks computer location settings
PID:2524 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"35⤵PID:1132
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV136⤵PID:1228
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"36⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"35⤵PID:4860
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"36⤵PID:1356
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"37⤵
- Adds Run key to start application
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"36⤵
- Checks computer location settings
PID:4104 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"37⤵PID:2652
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"38⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"37⤵
- Checks computer location settings
PID:4312 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"38⤵PID:2700
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"39⤵
- Adds Run key to start application
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"38⤵PID:4336
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"39⤵PID:2624
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"40⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"39⤵PID:3644
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"40⤵PID:4992
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"41⤵
- Adds Run key to start application
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"40⤵PID:1804
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"41⤵PID:2520
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"42⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"41⤵
- Checks computer location settings
PID:2096 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"42⤵PID:2380
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"43⤵PID:3804
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"42⤵
- Checks computer location settings
PID:3488 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"43⤵PID:1660
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"44⤵
- Adds Run key to start application
PID:4940 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"43⤵PID:4392
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"44⤵PID:3676
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"45⤵PID:3548
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"44⤵PID:4592
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"45⤵PID:1132
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"46⤵
- Adds Run key to start application
PID:2900 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"45⤵PID:1340
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"46⤵PID:2312
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"47⤵
- Adds Run key to start application
PID:2676 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"46⤵
- Checks computer location settings
PID:2420 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"47⤵PID:2720
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"48⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"47⤵PID:3248
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"48⤵PID:972
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"49⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"48⤵PID:3956
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"49⤵PID:1904
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"50⤵PID:4944
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"49⤵PID:4748
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"50⤵PID:644
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"51⤵
- Adds Run key to start application
PID:524 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"50⤵PID:3144
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"51⤵PID:2304
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV152⤵PID:3760
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"52⤵PID:1776
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"51⤵PID:672
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"52⤵PID:1748
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"53⤵PID:4864
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"52⤵
- Checks computer location settings
PID:3232 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"53⤵PID:3188
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"54⤵PID:2180
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"53⤵
- Checks computer location settings
PID:3236 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"54⤵PID:3640
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV155⤵PID:760
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"55⤵PID:540
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"54⤵PID:4596
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"55⤵PID:4908
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"56⤵
- Adds Run key to start application
PID:4020 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"55⤵PID:2900
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"56⤵PID:4104
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"57⤵
- Adds Run key to start application
PID:1832 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"56⤵PID:2084
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"57⤵PID:3692
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV158⤵PID:3120
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"58⤵PID:4312
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"57⤵PID:3292
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"58⤵PID:4956
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"59⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"58⤵PID:3168
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"59⤵PID:4520
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"60⤵
- Adds Run key to start application
PID:4460 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"59⤵PID:1824
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"60⤵PID:4208
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV161⤵PID:1804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"61⤵
- Adds Run key to start application
PID:4496 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"60⤵
- Checks computer location settings
PID:1524 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"61⤵PID:3804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"62⤵
- Adds Run key to start application
PID:1852 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"61⤵PID:4768
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"62⤵PID:5092
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"63⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"62⤵PID:2616
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"63⤵PID:3912
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"64⤵PID:4172
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"63⤵
- Checks computer location settings
PID:828 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"64⤵PID:2868
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"65⤵
- Adds Run key to start application
PID:2712 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"64⤵PID:2524
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"65⤵PID:1356
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV166⤵PID:4044
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"66⤵PID:3672
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"65⤵
- Checks computer location settings
PID:1924 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"66⤵PID:2312
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"67⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"66⤵PID:3904
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"67⤵PID:3344
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"68⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"67⤵PID:832
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"68⤵PID:3292
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"69⤵
- Adds Run key to start application
PID:1628 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"68⤵PID:4872
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"69⤵PID:3168
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV170⤵PID:2848
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"70⤵PID:524
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"69⤵
- Checks computer location settings
PID:4444 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"70⤵PID:4820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"71⤵
- Adds Run key to start application
PID:4384 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"70⤵PID:4120
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"71⤵PID:1524
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV172⤵PID:2520
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"72⤵
- Adds Run key to start application
PID:672 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"71⤵
- Checks computer location settings
PID:3000 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"72⤵PID:4480
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"73⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"72⤵PID:2456
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"73⤵PID:1948
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"74⤵PID:3952
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"73⤵
- Checks computer location settings
PID:4172 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"74⤵PID:4764
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"75⤵PID:2868
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"74⤵PID:388
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"75⤵PID:2524
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV176⤵PID:2844
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"76⤵
- Adds Run key to start application
PID:4780 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"75⤵PID:2732
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"76⤵PID:3788
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"77⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"76⤵PID:1544
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"77⤵PID:208
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"78⤵PID:1972
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"77⤵PID:4668
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"78⤵PID:4832
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"79⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"78⤵PID:1628
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"79⤵PID:972
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"80⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"79⤵
- Checks computer location settings
PID:524 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"80⤵PID:4144
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"81⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"80⤵
- Checks computer location settings
PID:4492 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"81⤵PID:2476
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"82⤵
- Adds Run key to start application
PID:4208 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"81⤵PID:2308
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"82⤵PID:4120
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"83⤵
- Adds Run key to start application
PID:3388 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"82⤵PID:4932
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"83⤵PID:3804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"84⤵
- Adds Run key to start application
PID:3320 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"83⤵PID:2776
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"84⤵PID:2456
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"85⤵PID:2272
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"84⤵PID:3188
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"85⤵PID:1764
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"86⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"85⤵PID:2868
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"86⤵PID:1040
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"87⤵
- Adds Run key to start application
PID:3556 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"86⤵
- Checks computer location settings
PID:4780 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"87⤵PID:2416
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV188⤵PID:2732
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"88⤵PID:3544
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"87⤵
- Checks computer location settings
PID:3304 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"88⤵PID:2420
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"89⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"88⤵PID:1972
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"89⤵PID:3080
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"90⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"89⤵PID:2972
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"90⤵PID:2848
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"91⤵
- Adds Run key to start application
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"90⤵
- Checks computer location settings
PID:4520 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"91⤵PID:524
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"92⤵
- Adds Run key to start application
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"91⤵PID:4980
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"92⤵PID:4492
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV193⤵PID:4820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"93⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"92⤵
- Checks computer location settings
PID:2300 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"93⤵PID:468
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"94⤵PID:4968
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"93⤵PID:1148
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"94⤵PID:1852
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"95⤵
- Adds Run key to start application
PID:4540 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"94⤵
- Checks computer location settings
PID:3320 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"95⤵PID:4072
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"96⤵
- Adds Run key to start application
PID:4392 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"95⤵PID:3952
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"96⤵PID:3188
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"97⤵PID:556
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"96⤵PID:3640
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"97⤵PID:2868
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV198⤵PID:1132
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"98⤵
- Adds Run key to start application
PID:2060 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"97⤵
- Checks computer location settings
PID:4664 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"98⤵PID:5088
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV199⤵PID:2900
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"99⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"98⤵PID:3544
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"99⤵PID:836
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"100⤵PID:3248
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"99⤵
- Checks computer location settings
PID:208 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"100⤵PID:3692
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1101⤵PID:2296
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"101⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"100⤵PID:4108
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"101⤵PID:1056
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"102⤵
- Adds Run key to start application
PID:4872 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"101⤵PID:2796
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"102⤵PID:3956
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1103⤵PID:3032
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"103⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"102⤵PID:2624
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"103⤵PID:4684
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"104⤵PID:4384
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"103⤵PID:3644
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"104⤵PID:4440
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"105⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"104⤵PID:4444
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"105⤵PID:4768
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"106⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"105⤵PID:2720
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"106⤵PID:4480
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"107⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"106⤵
- Checks computer location settings
PID:3272 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"107⤵PID:4984
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"108⤵
- Adds Run key to start application
PID:1764 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"107⤵PID:4548
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"108⤵PID:3820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"109⤵PID:1040
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"108⤵
- Checks computer location settings
PID:1664 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"109⤵PID:2844
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"110⤵
- Adds Run key to start application
PID:3736 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"109⤵PID:4476
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"110⤵PID:3140
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"111⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"110⤵PID:2312
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"111⤵PID:4336
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"112⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"111⤵PID:2420
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"112⤵PID:3264
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"113⤵
- Adds Run key to start application
PID:1684 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"112⤵
- Checks computer location settings
PID:1652 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"113⤵PID:4460
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"114⤵PID:5060
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"113⤵
- Checks computer location settings
PID:3168 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"114⤵PID:3240
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"115⤵PID:3144
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"114⤵
- Checks computer location settings
PID:4520 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"115⤵PID:4256
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"116⤵PID:316
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"115⤵PID:4216
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"116⤵PID:1524
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"117⤵
- Adds Run key to start application
PID:4328 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"116⤵PID:2300
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"117⤵PID:4204
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1118⤵PID:4768
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"118⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"117⤵
- Checks computer location settings
PID:3236 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"118⤵PID:3320
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"119⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"118⤵
- Checks computer location settings
PID:4392 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"119⤵PID:4592
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"120⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"119⤵
- Checks computer location settings
PID:2712 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"120⤵PID:2100
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"121⤵PID:4364
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"120⤵PID:716
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"121⤵PID:4044
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"122⤵
- Adds Run key to start application
PID:3120 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"121⤵PID:4860
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"122⤵PID:3708
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"123⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"122⤵
- Checks computer location settings
PID:836 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"123⤵PID:3344
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"124⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"123⤵
- Checks computer location settings
PID:3692 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"124⤵PID:2296
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"125⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"124⤵PID:1056
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"125⤵PID:2848
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"126⤵PID:4208
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"125⤵PID:2796
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"126⤵PID:2444
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"127⤵
- Adds Run key to start application
PID:4200 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"126⤵
- Checks computer location settings
PID:4384 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"127⤵PID:1804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"128⤵PID:4084
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"127⤵PID:1776
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"128⤵PID:4444
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"129⤵PID:956
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"128⤵PID:3388
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"129⤵PID:1192
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"130⤵
- Adds Run key to start application
PID:4864 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"129⤵
- Checks computer location settings
PID:4100 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"130⤵PID:4480
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"131⤵PID:2760
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"130⤵PID:3272
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"131⤵PID:2212
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"132⤵PID:3820
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"131⤵
- Checks computer location settings
PID:3296 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"132⤵PID:4020
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"133⤵PID:612
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"132⤵PID:388
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"133⤵PID:1356
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"134⤵PID:860
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"133⤵
- Checks computer location settings
PID:3076 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"134⤵PID:3708
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"135⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"134⤵
- Checks computer location settings
PID:224 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"135⤵PID:2088
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"136⤵
- Adds Run key to start application
PID:5104 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"135⤵PID:3584
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"136⤵PID:3256
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"137⤵
- Adds Run key to start application
PID:4820 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"136⤵PID:3132
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"137⤵PID:4828
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"138⤵
- Adds Run key to start application
PID:1796 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"137⤵
- Checks computer location settings
PID:3516 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"138⤵PID:2896
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"139⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"138⤵
- Checks computer location settings
PID:2228 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"139⤵PID:1804
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1140⤵PID:4492
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"140⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"139⤵
- Checks computer location settings
PID:2304 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"140⤵PID:2448
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"141⤵PID:3968
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"140⤵
- Checks computer location settings
PID:4456 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"141⤵PID:4768
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"142⤵PID:4068
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"141⤵PID:2720
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"142⤵PID:3320
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"143⤵PID:3640
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"142⤵
- Checks computer location settings
PID:3328 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"143⤵PID:2712
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1144⤵PID:828
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"144⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"143⤵PID:2340
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"144⤵PID:2524
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"145⤵PID:3140
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"144⤵PID:736
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"145⤵PID:2676
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"146⤵PID:4748
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"145⤵PID:3260
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"146⤵PID:2084
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"147⤵
- Adds Run key to start application
PID:1652 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"146⤵PID:4284
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"147⤵PID:1968
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"148⤵
- Adds Run key to start application
PID:2040 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"147⤵PID:2624
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"148⤵PID:2684
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1149⤵PID:4520
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"149⤵
- Adds Run key to start application
PID:4504 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"148⤵
- Checks computer location settings
PID:4496 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"149⤵PID:2032
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"150⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"149⤵
- Checks computer location settings
PID:644 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"150⤵PID:1976
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"151⤵PID:4444
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"150⤵PID:3488
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"151⤵PID:4864
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"152⤵
- Adds Run key to start application
PID:1192 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"151⤵PID:3828
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"152⤵PID:4548
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1153⤵PID:3232
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"153⤵
- Adds Run key to start application
PID:3272 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"152⤵PID:2560
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"153⤵PID:4592
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"154⤵PID:2656
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"153⤵PID:4476
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"154⤵PID:1004
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"155⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"154⤵PID:388
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"155⤵PID:4992
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"156⤵
- Adds Run key to start application
PID:3588 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"155⤵PID:3360
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"156⤵PID:2312
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"157⤵PID:3464
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"156⤵PID:4336
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"157⤵PID:4888
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"158⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"157⤵PID:224
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"158⤵PID:2388
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"159⤵PID:4220
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"158⤵PID:4460
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"159⤵PID:4440
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"160⤵
- Adds Run key to start application
PID:3108 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"159⤵PID:1820
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"160⤵PID:3368
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"161⤵PID:2116
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"160⤵PID:672
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"161⤵PID:1904
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"162⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"161⤵PID:400
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"162⤵PID:4104
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"163⤵PID:3272
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"162⤵
- Checks computer location settings
PID:4864 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"163⤵PID:3788
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1164⤵PID:4908
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"164⤵PID:4764
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"163⤵PID:4984
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"164⤵PID:3120
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"165⤵
- Adds Run key to start application
PID:4476 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"164⤵
- Checks computer location settings
PID:3296 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"165⤵PID:868
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"166⤵PID:3736
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"165⤵PID:1004
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"166⤵PID:3248
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1167⤵PID:4956
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"167⤵
- Adds Run key to start application
PID:3360 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"166⤵PID:3764
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"167⤵PID:3536
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"168⤵PID:2972
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"167⤵PID:3260
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"168⤵PID:2632
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1169⤵PID:2084
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"169⤵
- Adds Run key to start application
PID:4208 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"168⤵PID:1056
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"169⤵PID:2388
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"170⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"169⤵PID:4084
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"170⤵PID:2168
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"171⤵
- Adds Run key to start application
PID:4684 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"170⤵
- Checks computer location settings
PID:2228 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"171⤵PID:2300
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"172⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"171⤵PID:3040
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"172⤵PID:468
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"173⤵PID:4104
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"172⤵PID:3952
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"173⤵PID:4480
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"174⤵
- Adds Run key to start application
PID:3556 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"173⤵PID:1748
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"174⤵PID:2560
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"175⤵PID:4592
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"174⤵PID:4020
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"175⤵PID:2712
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"176⤵PID:4044
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"175⤵PID:2416
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"176⤵PID:2524
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"177⤵
- Adds Run key to start application
PID:1972 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"176⤵
- Checks computer location settings
PID:3464 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"177⤵PID:3196
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"178⤵PID:4848
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"177⤵
- Checks computer location settings
PID:2420 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"178⤵PID:3752
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"179⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"178⤵
- Checks computer location settings
PID:1264 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"179⤵PID:4464
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"180⤵
- Adds Run key to start application
PID:3584 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"179⤵PID:1444
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"180⤵PID:3132
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"181⤵PID:2308
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"180⤵PID:2116
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"181⤵PID:1820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"182⤵
- Adds Run key to start application
PID:3384 -
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"181⤵PID:1976
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"182⤵PID:2616
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"183⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"182⤵PID:3040
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"183⤵PID:4932
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"184⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"183⤵PID:4436
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"184⤵PID:3820
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"185⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"184⤵PID:4472
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"185⤵PID:4664
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1186⤵PID:3640
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"186⤵PID:4228
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"185⤵PID:2384
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"186⤵PID:3544
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"187⤵PID:3604
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"186⤵PID:2700
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"187⤵PID:4832
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"188⤵PID:3692
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"187⤵PID:3764
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"188⤵PID:5048
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"189⤵PID:2636
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"188⤵PID:4388
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"189⤵PID:3080
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"190⤵PID:1468
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"189⤵PID:3492
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"190⤵PID:2632
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"191⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"190⤵PID:2724
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"191⤵PID:316
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"192⤵PID:3132
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"191⤵PID:4968
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"192⤵PID:1816
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"193⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"192⤵PID:4816
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"193⤵PID:840
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1194⤵PID:3804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"194⤵PID:4204
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"193⤵PID:5112
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"194⤵PID:1764
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"195⤵PID:2180
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"194⤵PID:1340
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"195⤵PID:2964
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"196⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"195⤵PID:4944
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"196⤵PID:4592
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"197⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"196⤵PID:2844
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"197⤵PID:1368
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"198⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"197⤵PID:1972
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"198⤵PID:4680
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1199⤵PID:1832
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"199⤵PID:736
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"198⤵PID:3360
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"199⤵PID:4668
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1200⤵PID:832
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"200⤵PID:3196
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"199⤵PID:3896
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"200⤵PID:4336
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"201⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"200⤵PID:1456
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"201⤵PID:3460
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"202⤵PID:4504
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"201⤵PID:3752
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"202⤵PID:1804
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"203⤵PID:3104
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"202⤵PID:2724
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"203⤵PID:4684
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"204⤵PID:392
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"203⤵PID:4624
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"204⤵PID:1904
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1205⤵PID:672
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"205⤵PID:4072
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"204⤵PID:956
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"205⤵PID:4104
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"206⤵PID:3760
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"205⤵PID:4988
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"206⤵PID:1228
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"207⤵PID:4548
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"206⤵PID:3232
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"207⤵PID:2212
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"208⤵PID:4500
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"207⤵PID:5104
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"208⤵PID:4228
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"209⤵PID:4780
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"208⤵PID:4044
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"209⤵PID:1368
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1210⤵PID:3140
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"210⤵PID:4848
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"209⤵PID:3344
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"210⤵PID:1652
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"211⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"210⤵PID:4116
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"211⤵PID:3248
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1212⤵PID:4668
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"212⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"211⤵PID:2896
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"212⤵PID:4336
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"213⤵PID:4328
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"212⤵PID:3256
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"213⤵PID:4464
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"214⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"213⤵PID:1524
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"214⤵PID:3972
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"215⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"214⤵PID:316
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"215⤵PID:3024
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"216⤵PID:2032
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"215⤵PID:3384
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"216⤵PID:2448
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"217⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"216⤵PID:644
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"217⤵PID:2296
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"218⤵PID:884
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"217⤵PID:4764
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"218⤵PID:612
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1219⤵PID:4480
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"219⤵PID:3328
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"218⤵PID:2232
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"219⤵PID:3912
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"220⤵PID:4664
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"219⤵PID:4536
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"220⤵PID:860
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"221⤵PID:4748
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"220⤵PID:2876
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"221⤵PID:4728
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"222⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"221⤵PID:4860
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"222⤵PID:1684
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"223⤵PID:3216
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"222⤵PID:1924
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"223⤵PID:224
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1224⤵PID:4460
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"224⤵PID:2088
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"223⤵PID:4420
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"224⤵PID:1968
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"225⤵PID:4208
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"224⤵PID:3492
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"225⤵PID:1852
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"226⤵PID:3512
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"225⤵PID:4496
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"226⤵PID:3972
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"227⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"226⤵PID:2796
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"227⤵PID:2392
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"228⤵PID:4524
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"227⤵PID:400
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"228⤵PID:4540
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"229⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"228⤵PID:956
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"229⤵PID:1764
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"230⤵PID:1340
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"229⤵PID:3040
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"230⤵PID:3320
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"231⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"230⤵PID:1664
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"231⤵PID:4592
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"232⤵PID:1356
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"231⤵PID:5104
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"232⤵PID:2440
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"233⤵PID:4940
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"232⤵PID:3016
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"233⤵PID:1972
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1234⤵PID:2524
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"234⤵PID:4860
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"233⤵PID:2640
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"234⤵PID:1240
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"235⤵PID:4300
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"234⤵PID:3080
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"235⤵PID:2668
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"236⤵PID:4420
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"235⤵PID:2888
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"236⤵PID:2420
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1237⤵PID:3132
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"237⤵PID:2724
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"236⤵PID:3752
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"237⤵PID:4384
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"238⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"237⤵PID:3852
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"238⤵PID:4684
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"239⤵PID:2796
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"238⤵PID:4072
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"239⤵PID:2228
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"240⤵PID:3384
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"239⤵PID:2392
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"240⤵PID:1568
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"241⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe"240⤵PID:1752
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe" "C:\Users\%username%\AppData\Local\VLC Media Player.exe" & REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\%username%\AppData\Local\VLC Media Player.exe"241⤵PID:3788
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "VLC Media Player" /t REG_SZ /F /D "C:\Users\Admin\AppData\Local\VLC Media Player.exe"242⤵PID:3672