Malware Analysis Report

2024-08-06 18:56

Sample ID 240620-1crkfsxgkd
Target 0975b9801f11cfcffe33e71abb517357_JaffaCakes118
SHA256 82c8702c12b5d967f4447c2a257435682e15a61be76128563b04956e800c8e24
Tags
upx z0mbý3 darkcomet evasion persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

82c8702c12b5d967f4447c2a257435682e15a61be76128563b04956e800c8e24

Threat Level: Known bad

The file 0975b9801f11cfcffe33e71abb517357_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx z0mbý3 darkcomet evasion persistence rat trojan

Modifies WinLogon for persistence

Darkcomet family

Darkcomet

Sets file to hidden

Executes dropped EXE

Loads dropped DLL

UPX packed file

Checks computer location settings

Drops desktop.ini file(s)

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Runs ping.exe

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Winlogon Helper DLL
T1547.004
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Winlogon Helper DLL
T1547.004
Defense Evasion
TA0005
Modify Registry
T1112
Hide Artifacts
T1564
Hidden Files and Directories
T1564.001
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Remote System Discovery
T1018
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-20 21:30

Signatures

Darkcomet family

darkcomet

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 21:30

Reported

2024-06-20 21:33

Platform

win7-20240611-en

Max time kernel

49s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

Enumerates physical storage devices

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2944 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2152 wrote to memory of 2688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2152 wrote to memory of 2688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2152 wrote to memory of 2688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2152 wrote to memory of 2688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2620 wrote to memory of 2648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2620 wrote to memory of 2648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2620 wrote to memory of 2648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2620 wrote to memory of 2648 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2704 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2704 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2704 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2704 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2944 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2944 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2944 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2944 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2772 wrote to memory of 2164 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2164 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2164 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2164 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2392 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2392 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2392 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2392 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 3044 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 3044 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 3044 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 3044 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2164 wrote to memory of 2472 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2164 wrote to memory of 2472 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2164 wrote to memory of 2472 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2164 wrote to memory of 2472 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2392 wrote to memory of 668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2392 wrote to memory of 668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2392 wrote to memory of 668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2392 wrote to memory of 668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 3044 wrote to memory of 264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3044 wrote to memory of 264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3044 wrote to memory of 264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3044 wrote to memory of 264 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2772 wrote to memory of 360 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe
PID 2772 wrote to memory of 360 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe
PID 2772 wrote to memory of 360 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe
PID 2772 wrote to memory of 360 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe
PID 360 wrote to memory of 2744 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2744 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2744 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2744 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2912 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2912 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2912 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 360 wrote to memory of 2912 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\AppData\Local\Temp" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1219868113131276652161157233658761884-1109826050-1743069897776018711-973131222"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "139995114217929654751676206185-123182235911359282071501032760230184974-26677344"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-937545190-915182227680500957592438033-4532210041041062849-187039428811065792"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1255471525140236968718937381862106289768-1007623939-1815543936-207560546412024509"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1603099653-543387415281859560-17176998331509276072027973000910251556908883153"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "16029401221662482759-721063335-115552461912803605-1437466259-480946679-1016727679"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1026632082-705442210-423712105-1779128356-135564209410155790721719795846-1349181689"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "12712349415234267946265090957988868527737811-6695096471588230662-1341209984"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "15306597381737912580-1327251835-73988955321870672-19244622421286816247-1651415117"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "205761587815292295165082156401142743532-10756027911393328668-2085737968-263137915"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-503577456591598617-1393094802421517455299983071422816738-1246060889-199587865"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-798066416-17095123391768989104-1911167613144184371117286652541934730773-81527484"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-293199048-4307466366479370932660417641342830058-2001098170-543184720704460167"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2022262830-518378629-125569190-19535820101217301167-1560475593-19356353221591338012"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1886163975961642642731141980203643463-126290299020411373991650137480-1138918460"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "41954455212712342181985349073461638591416949587104669057311583977261280579268"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-703651459-688743415-6987499501624695598-196340776438708328-19144223521981144922"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-2003931014-1752553701-523362829-1863015549-1629347063-451650991291885567449624067"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

Network

N/A

Files

memory/2944-0-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2944-1-0x0000000000240000-0x0000000000241000-memory.dmp

\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

MD5 0975b9801f11cfcffe33e71abb517357
SHA1 e82081d4fba866c085ca353d4a225b9aa6f90647
SHA256 82c8702c12b5d967f4447c2a257435682e15a61be76128563b04956e800c8e24
SHA512 8e00da88db17a83c934fdeececd76b77d7a1e6b7a2cc00b2b45eb8a8754f4cd421cbf212983bf4975edeea22637236ea938857029f6887b2fde5701f61a2baec

memory/2944-11-0x0000000003CE0000-0x0000000003DC6000-memory.dmp

memory/2944-14-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2772-25-0x00000000050A0000-0x0000000005186000-memory.dmp

memory/2772-26-0x00000000050A0000-0x0000000005186000-memory.dmp

memory/2772-29-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/360-30-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2812-46-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/360-45-0x0000000003D70000-0x0000000003E56000-memory.dmp

memory/360-44-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/360-43-0x0000000003D70000-0x0000000003E56000-memory.dmp

memory/1776-60-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2812-59-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1776-73-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1252-74-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1252-88-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2572-89-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1252-86-0x0000000004F70000-0x0000000005056000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2572-102-0x0000000004E90000-0x0000000004F76000-memory.dmp

memory/1744-105-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2572-103-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1744-109-0x0000000004FA0000-0x0000000005086000-memory.dmp

memory/1744-113-0x0000000004FA0000-0x0000000005086000-memory.dmp

memory/1744-112-0x00000000778E0000-0x00000000779DA000-memory.dmp

memory/1744-111-0x00000000777C0000-0x00000000778DF000-memory.dmp

memory/1744-115-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1912-126-0x0000000003BC0000-0x0000000003CA6000-memory.dmp

memory/1704-129-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1912-128-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1704-144-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1704-142-0x0000000004E60000-0x0000000004F46000-memory.dmp

memory/1704-141-0x0000000004E60000-0x0000000004F46000-memory.dmp

memory/2812-157-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/2812-155-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/2812-159-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1844-174-0x0000000005020000-0x0000000005106000-memory.dmp

memory/1844-173-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1844-172-0x0000000005020000-0x0000000005106000-memory.dmp

memory/796-188-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/796-187-0x00000000050D0000-0x00000000051B6000-memory.dmp

memory/572-200-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1376-204-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/572-202-0x0000000004F80000-0x0000000005066000-memory.dmp

memory/572-201-0x0000000004F80000-0x0000000005066000-memory.dmp

memory/1376-215-0x0000000005120000-0x0000000005206000-memory.dmp

memory/1376-216-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2460-226-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2460-225-0x0000000003B20000-0x0000000003C06000-memory.dmp

memory/2528-237-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2528-236-0x0000000003C10000-0x0000000003CF6000-memory.dmp

memory/2528-235-0x0000000003C10000-0x0000000003CF6000-memory.dmp

memory/1496-242-0x0000000005050000-0x0000000005136000-memory.dmp

memory/2200-248-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1496-247-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2200-257-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3024-258-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3024-269-0x0000000003C00000-0x0000000003CE6000-memory.dmp

memory/3024-268-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3024-267-0x0000000003C00000-0x0000000003CE6000-memory.dmp

memory/1708-279-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2676-278-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1708-288-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2064-289-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2064-298-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/2064-297-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3120-300-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2064-299-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/3324-312-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3120-311-0x0000000003BD0000-0x0000000003CB6000-memory.dmp

memory/3120-310-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3120-309-0x0000000003BD0000-0x0000000003CB6000-memory.dmp

memory/3324-320-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3024-324-0x0000000003C00000-0x0000000003CE6000-memory.dmp

memory/3540-323-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3324-322-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/3324-321-0x0000000004F60000-0x0000000005046000-memory.dmp

memory/3540-332-0x00000000050E0000-0x00000000051C6000-memory.dmp

memory/3540-336-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3756-334-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3540-333-0x00000000050E0000-0x00000000051C6000-memory.dmp

memory/3756-345-0x0000000005000000-0x00000000050E6000-memory.dmp

memory/3756-346-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3964-354-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3076-356-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3964-355-0x0000000004FF0000-0x00000000050D6000-memory.dmp

memory/3076-364-0x0000000004FD0000-0x00000000050B6000-memory.dmp

memory/3076-367-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3076-366-0x0000000004FD0000-0x00000000050B6000-memory.dmp

memory/3316-376-0x0000000003BA0000-0x0000000003C86000-memory.dmp

memory/3316-378-0x0000000003BA0000-0x0000000003C86000-memory.dmp

memory/3316-377-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3644-387-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3808-388-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3808-397-0x0000000004FF0000-0x00000000050D6000-memory.dmp

memory/3160-401-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3964-400-0x0000000004FF0000-0x00000000050D6000-memory.dmp

memory/3808-399-0x0000000004FF0000-0x00000000050D6000-memory.dmp

memory/3808-398-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3160-411-0x0000000003BC0000-0x0000000003CA6000-memory.dmp

memory/3076-409-0x0000000004FD0000-0x00000000050B6000-memory.dmp

memory/3160-412-0x0000000003BC0000-0x0000000003CA6000-memory.dmp

memory/1020-472-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3324-480-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4116-488-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4308-496-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4500-504-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4696-512-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4896-520-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5088-529-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4284-537-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4528-545-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4736-553-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4948-561-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5076-569-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4576-577-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4904-585-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5084-593-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4256-601-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5068-609-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4544-617-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4524-625-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4284-633-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5128-641-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5328-649-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5524-657-0x0000000000400000-0x00000000004E6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 21:30

Reported

2024-06-20 21:33

Platform

win10v2004-20240508-en

Max time kernel

45s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

Signatures

Darkcomet

trojan rat darkcomet

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe,C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer = "C:\\Windows\\System32\\vP1F4l1wM86n\\vP1F4l1wM86n\\explorer.exe" C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File created C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File created C:\Windows\SysWOW64\explorer.exe C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\attrib.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
File opened for modification C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2948 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 380 wrote to memory of 3576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 380 wrote to memory of 3576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 380 wrote to memory of 3576 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 640 wrote to memory of 1748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 640 wrote to memory of 1748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 640 wrote to memory of 1748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 3204 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3204 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3204 wrote to memory of 1828 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2948 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2948 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 2948 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 4704 wrote to memory of 4036 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 4036 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 4036 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 2488 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 2488 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 2488 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 4216 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 4216 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 4704 wrote to memory of 4216 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 2488 wrote to memory of 1032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2488 wrote to memory of 1032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 2488 wrote to memory of 1032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 4036 wrote to memory of 1144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 4036 wrote to memory of 1144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 4036 wrote to memory of 1144 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 4216 wrote to memory of 1212 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4216 wrote to memory of 1212 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4216 wrote to memory of 1212 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 4704 wrote to memory of 3144 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\System32\Conhost.exe
PID 4704 wrote to memory of 3144 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\System32\Conhost.exe
PID 4704 wrote to memory of 3144 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\System32\Conhost.exe
PID 3144 wrote to memory of 3644 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 3644 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 3644 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 1200 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 1200 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 1200 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 5000 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 5000 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3144 wrote to memory of 5000 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe
PID 3644 wrote to memory of 3628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 3644 wrote to memory of 3628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 3644 wrote to memory of 3628 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1200 wrote to memory of 3048 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 5000 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 1200 wrote to memory of 3048 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1200 wrote to memory of 3048 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 5000 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 5000 wrote to memory of 1712 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\Conhost.exe
PID 3144 wrote to memory of 3672 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 3144 wrote to memory of 3672 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 3144 wrote to memory of 3672 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe
PID 3672 wrote to memory of 1488 N/A C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe C:\Windows\SysWOW64\cmd.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\AppData\Local\Temp" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\AppData\Local\Temp\0975b9801f11cfcffe33e71abb517357_JaffaCakes118.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

"C:\Windows\System32\vP1F4l1wM86n\explorer.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 4 && del "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\vP1F4l1wM86n" +s +h

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 4

C:\Windows\System32\WaaSMedicAgent.exe

C:\Windows\System32\WaaSMedicAgent.exe e481c46d8d771964f4131abbb2b2083e pZGRZqlxcUaqjnXG2cPlkw.0.1.0.0.0

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2948-0-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2948-1-0x0000000002400000-0x0000000002401000-memory.dmp

C:\Windows\SysWOW64\vP1F4l1wM86n\explorer.exe

MD5 0975b9801f11cfcffe33e71abb517357
SHA1 e82081d4fba866c085ca353d4a225b9aa6f90647
SHA256 82c8702c12b5d967f4447c2a257435682e15a61be76128563b04956e800c8e24
SHA512 8e00da88db17a83c934fdeececd76b77d7a1e6b7a2cc00b2b45eb8a8754f4cd421cbf212983bf4975edeea22637236ea938857029f6887b2fde5701f61a2baec

memory/2948-63-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4704-125-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3144-126-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3144-187-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3672-249-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/4104-311-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2668-312-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2668-374-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/620-375-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/620-437-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5036-438-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5036-500-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2652-501-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/2652-563-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3288-625-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/3620-687-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1964-749-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5368-810-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5844-872-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5232-934-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1524-996-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5556-997-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5556-1059-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5872-1121-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5600-1122-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5600-1184-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5304-1246-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5588-1308-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6884-1371-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6368-1370-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6884-1432-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6304-1433-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6304-1493-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6900-1494-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-1555-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6900-1554-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-1614-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5196-1615-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5196-1675-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5360-1676-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/5360-1736-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7076-1737-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7076-1796-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7360-1856-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7832-1857-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7832-1917-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6364-1977-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7808-1978-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7808-2038-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-2039-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-2098-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8084-2158-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7868-2218-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8120-2219-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8120-2279-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7364-2280-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7364-2340-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8364-2342-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7076-2341-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8364-2402-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8844-2401-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8844-2462-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-2463-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6544-2523-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7776-2524-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/7776-2584-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6888-2585-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/6888-2645-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9180-2704-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9108-2705-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9108-2765-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8040-2824-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9360-2884-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9824-2945-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9096-2944-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9096-3004-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9728-3064-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9332-3124-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10152-3125-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10152-3184-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10136-3244-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/9688-3304-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10912-3365-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10432-3364-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10912-3425-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10136-3426-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10136-3486-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10748-3545-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8636-3604-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10472-3606-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/8636-3665-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10052-3725-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11104-3726-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11104-3786-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10116-3846-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10448-3906-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/10260-3967-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1968-3966-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/1968-4027-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11484-4087-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11960-4088-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11348-4149-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11960-4148-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11348-4209-0x0000000000400000-0x00000000004E6000-memory.dmp

memory/11948-4269-0x0000000000400000-0x00000000004E6000-memory.dmp