darkcomet | e607408e4c002676eb8c7f1a61f5a2c1d2c52b262ca98f71e5218297ccc96bc1

Analysis

max time kernel
71s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Size

660KB
MD5

a39e406a9096eafa928a424f806c7282
SHA1

1e5ab6834818e098b27c1c0ed616a8456ee40dcc
SHA256

e607408e4c002676eb8c7f1a61f5a2c1d2c52b262ca98f71e5218297ccc96bc1
SHA512

b373670d309f7787b7a64d0db7bacd8bfb4d9695a96c9cc10d190b78ea0c3947954a1dcd4be352eb193a3c377f3c51f34387833d16c0f3b79d4189611a4839b5
SSDEEP

12288:UXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UY:CnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JI

Score

10^/10

darkcomet bygolge discovery evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

ByGolge

haybensenin3.zapto.org:1604

Mutex

DC_MUTEX-NXLR9FFS8Z5SQ8W8S5F5T5G5H5Y9Y8Y4H5G2A2S5DQ8W7Z92NNG2YZ1Q

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
MBzeYmsBiawB
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Modifies WinLogon for persistence 2 TTPs 64 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe,C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe

Sets file to hidden 1 TTPs 64 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
3172	attrib.exe
3020	attrib.exe
6948	attrib.exe
7468	attrib.exe
7792	attrib.exe
7996	attrib.exe
9876	attrib.exe
10824	attrib.exe
10160	attrib.exe
7580	attrib.exe
4112	attrib.exe
1400	attrib.exe
2332	attrib.exe
1980	attrib.exe
2836	attrib.exe
3764	attrib.exe
11564	attrib.exe
13236	attrib.exe
12532	attrib.exe
3940	attrib.exe
6148	attrib.exe
8828	attrib.exe
4400	attrib.exe
12024	attrib.exe
12480	attrib.exe
13068	attrib.exe
8048	attrib.exe
9724	attrib.exe
1704	attrib.exe
8220	attrib.exe
11864	attrib.exe
12776	attrib.exe
796	attrib.exe
5140	attrib.exe
7044	attrib.exe
7740	attrib.exe
10208	attrib.exe
4492	attrib.exe
14048	attrib.exe
8372	attrib.exe
3708	attrib.exe
8972	attrib.exe
8440	attrib.exe
9284	attrib.exe
10384	attrib.exe
10864	attrib.exe
8000	attrib.exe
5552	attrib.exe
11920	attrib.exe
14216	attrib.exe
1332	attrib.exe
5448	attrib.exe
6900	attrib.exe
10592	attrib.exe
13324	attrib.exe
7988	attrib.exe
8676	attrib.exe
3228	attrib.exe
7008	attrib.exe
12632	attrib.exe
7276	attrib.exe
13740	attrib.exe
8704	attrib.exe
9140	attrib.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	msdcsc.exe

Deletes itself 1 IoCs

pid	Process
4832	notepad.exe

Executes dropped EXE 64 IoCs

pid	Process
1520	msdcsc.exe
996	msdcsc.exe
2708	msdcsc.exe
5052	msdcsc.exe
1020	msdcsc.exe
5032	msdcsc.exe
1336	msdcsc.exe
1568	msdcsc.exe
4420	msdcsc.exe
220	msdcsc.exe
3056	msdcsc.exe
4612	msdcsc.exe
1172	msdcsc.exe
5032	msdcsc.exe
2640	msdcsc.exe
4548	msdcsc.exe
4924	msdcsc.exe
2680	msdcsc.exe
1440	msdcsc.exe
5160	msdcsc.exe
5316	msdcsc.exe
5468	msdcsc.exe
5620	msdcsc.exe
5768	msdcsc.exe
5916	msdcsc.exe
6116	msdcsc.exe
5200	msdcsc.exe
5608	msdcsc.exe
5904	msdcsc.exe
4444	msdcsc.exe
6116	msdcsc.exe
5468	msdcsc.exe
432	msdcsc.exe
5916	msdcsc.exe
6164	msdcsc.exe
6328	msdcsc.exe
6472	msdcsc.exe
6620	msdcsc.exe
6764	msdcsc.exe
6916	msdcsc.exe
7060	msdcsc.exe
2372	msdcsc.exe
6344	msdcsc.exe
6640	msdcsc.exe
6936	msdcsc.exe
6332	msdcsc.exe
6656	msdcsc.exe
5932	msdcsc.exe
7192	msdcsc.exe
7340	msdcsc.exe
7484	msdcsc.exe
7632	msdcsc.exe
7828	msdcsc.exe
8008	msdcsc.exe
8168	msdcsc.exe
7200	msdcsc.exe
7492	msdcsc.exe
7892	msdcsc.exe
8028	msdcsc.exe
7528	msdcsc.exe
7492	msdcsc.exe
6304	msdcsc.exe
7212	msdcsc.exe
3952	msdcsc.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\MBzeYmsBiawB\\MBzeYmsBiawB\\msdcsc.exe"	msdcsc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	attrib.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe
File created	C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe	msdcsc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msdcsc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeSecurityPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeBackupPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeRestorePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeShutdownPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeDebugPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeUndockPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: 33	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: 34	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: 35	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: 36	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1520	msdcsc.exe
Token: SeSecurityPrivilege	1520	msdcsc.exe
Token: SeTakeOwnershipPrivilege	1520	msdcsc.exe
Token: SeLoadDriverPrivilege	1520	msdcsc.exe
Token: SeSystemProfilePrivilege	1520	msdcsc.exe
Token: SeSystemtimePrivilege	1520	msdcsc.exe
Token: SeProfSingleProcessPrivilege	1520	msdcsc.exe
Token: SeIncBasePriorityPrivilege	1520	msdcsc.exe
Token: SeCreatePagefilePrivilege	1520	msdcsc.exe
Token: SeBackupPrivilege	1520	msdcsc.exe
Token: SeRestorePrivilege	1520	msdcsc.exe
Token: SeShutdownPrivilege	1520	msdcsc.exe
Token: SeDebugPrivilege	1520	msdcsc.exe
Token: SeSystemEnvironmentPrivilege	1520	msdcsc.exe
Token: SeChangeNotifyPrivilege	1520	msdcsc.exe
Token: SeRemoteShutdownPrivilege	1520	msdcsc.exe
Token: SeUndockPrivilege	1520	msdcsc.exe
Token: SeManageVolumePrivilege	1520	msdcsc.exe
Token: SeImpersonatePrivilege	1520	msdcsc.exe
Token: SeCreateGlobalPrivilege	1520	msdcsc.exe
Token: 33	1520	msdcsc.exe
Token: 34	1520	msdcsc.exe
Token: 35	1520	msdcsc.exe
Token: 36	1520	msdcsc.exe
Token: SeIncreaseQuotaPrivilege	996	msdcsc.exe
Token: SeSecurityPrivilege	996	msdcsc.exe
Token: SeTakeOwnershipPrivilege	996	msdcsc.exe
Token: SeLoadDriverPrivilege	996	msdcsc.exe
Token: SeSystemProfilePrivilege	996	msdcsc.exe
Token: SeSystemtimePrivilege	996	msdcsc.exe
Token: SeProfSingleProcessPrivilege	996	msdcsc.exe
Token: SeIncBasePriorityPrivilege	996	msdcsc.exe
Token: SeCreatePagefilePrivilege	996	msdcsc.exe
Token: SeBackupPrivilege	996	msdcsc.exe
Token: SeRestorePrivilege	996	msdcsc.exe
Token: SeShutdownPrivilege	996	msdcsc.exe
Token: SeDebugPrivilege	996	msdcsc.exe
Token: SeSystemEnvironmentPrivilege	996	msdcsc.exe
Token: SeChangeNotifyPrivilege	996	msdcsc.exe
Token: SeRemoteShutdownPrivilege	996	msdcsc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 4940	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	83
PID 1736 wrote to memory of 4940	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	83
PID 1736 wrote to memory of 4940	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	83
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 1736 wrote to memory of 4832	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	84
PID 4940 wrote to memory of 3020	4940	cmd.exe	86
PID 4940 wrote to memory of 3020	4940	cmd.exe	86
PID 4940 wrote to memory of 3020	4940	cmd.exe	86
PID 1736 wrote to memory of 1520	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	87
PID 1736 wrote to memory of 1520	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	87
PID 1736 wrote to memory of 1520	1736	a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe	87
PID 1520 wrote to memory of 5080	1520	msdcsc.exe	88
PID 1520 wrote to memory of 5080	1520	msdcsc.exe	88
PID 1520 wrote to memory of 5080	1520	msdcsc.exe	88
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 1520 wrote to memory of 1692	1520	msdcsc.exe	89
PID 5080 wrote to memory of 3764	5080	cmd.exe	91
PID 5080 wrote to memory of 3764	5080	cmd.exe	91
PID 5080 wrote to memory of 3764	5080	cmd.exe	91
PID 1520 wrote to memory of 996	1520	msdcsc.exe	92
PID 1520 wrote to memory of 996	1520	msdcsc.exe	92
PID 1520 wrote to memory of 996	1520	msdcsc.exe	92
PID 996 wrote to memory of 708	996	msdcsc.exe	93
PID 996 wrote to memory of 708	996	msdcsc.exe	93
PID 996 wrote to memory of 708	996	msdcsc.exe	93
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94
PID 996 wrote to memory of 3508	996	msdcsc.exe	94

Views/modifies file attributes 1 TTPs 64 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
8372	attrib.exe
11876	attrib.exe
3764	attrib.exe
7552	attrib.exe
9576	attrib.exe
10592	attrib.exe
13132	attrib.exe
14100	attrib.exe
1400	attrib.exe
7988	attrib.exe
7368	attrib.exe
12964	attrib.exe
4492	attrib.exe
11564	attrib.exe
11920	attrib.exe
1332	attrib.exe
5900	attrib.exe
5492	attrib.exe
7176	attrib.exe
11452	attrib.exe
4400	attrib.exe
6764	attrib.exe
13740	attrib.exe
13680	attrib.exe
3948	attrib.exe
10116	attrib.exe
10708	attrib.exe
13448	attrib.exe
5780	attrib.exe
6948	attrib.exe
7212	attrib.exe
7740	attrib.exe
13776	attrib.exe
14048	attrib.exe
12632	attrib.exe
13132	attrib.exe
14100	attrib.exe
796	attrib.exe
9768	attrib.exe
11568	attrib.exe
12480	attrib.exe
9896	attrib.exe
10160	attrib.exe
13740	attrib.exe
14224	attrib.exe
4796	attrib.exe
9724	attrib.exe
8520	attrib.exe
12024	attrib.exe
10164	attrib.exe
11460	attrib.exe
12776	attrib.exe
13600	attrib.exe
2700	attrib.exe
5300	attrib.exe
7044	attrib.exe
8376	attrib.exe
1016	attrib.exe
2332	attrib.exe
9876	attrib.exe
10536	attrib.exe
2732	attrib.exe
7276	attrib.exe
7580	attrib.exe

C:\Users\Admin\AppData\Local\Temp\a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe" +s +h
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4940
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\a39e406a9096eafa928a424f806c7282_JaffaCakes118.exe" +s +h
    3⤵
    - Sets file to hidden
    PID:3020
- C:\Windows\SysWOW64\notepad.exe
  notepad
  2⤵
  - Deletes itself
  PID:4832
- C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
  "C:\Windows\system32\MSDCSC\msdcsc.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\msdcsc.exe" +s +h
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\MSDCSC\msdcsc.exe" +s +h
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:3764
- - C:\Windows\SysWOW64\notepad.exe
    notepad
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe
    "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\msdcsc.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe" +s +h
      4⤵
      PID:708
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\msdcsc.exe" +s +h
        5⤵
        Sets file to hidden
        Drops file in System32 directory
        
        PID:4112
  - - C:\Windows\SysWOW64\notepad.exe
      notepad
      4⤵
      System Location Discovery: System Language Discovery
      PID:3508
  - - C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
      "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:2708
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        5⤵
        
        PID:408
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        6⤵
        Views/modifies file attributes
        
        PID:1016
    - - C:\Windows\SysWOW64\notepad.exe
        
        notepad
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
    - - C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5052
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        6⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        7⤵
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:2700
      - C:\Windows\SysWOW64\notepad.exe
        
        notepad
        6⤵
        
        PID:1708
      - C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        6⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        7⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        8⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4644
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        7⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        9⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        8⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:1336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        10⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:1400
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        9⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        10⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        11⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        10⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        10⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        11⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        12⤵
        Sets file to hidden
        
        PID:3708
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        11⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        11⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        12⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        13⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:2332
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        12⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        13⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        14⤵
        Views/modifies file attributes
        
        PID:4796
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        13⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        14⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        15⤵
        Drops file in System32 directory
        
        PID:1408
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        14⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        15⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        16⤵
        
        PID:380
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        15⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        15⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:5032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        16⤵
        
        PID:4780
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        17⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        17⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        16⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        17⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        17⤵
        
        PID:376
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        17⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        18⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        18⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        18⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        19⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        20⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1332
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        19⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        19⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        20⤵
        
        PID:1592
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        21⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        21⤵
        Sets file to hidden
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:796
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        20⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        20⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        21⤵
        
        PID:796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        22⤵
        Sets file to hidden
        
        PID:5140
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        21⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        21⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        22⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        23⤵
        Views/modifies file attributes
        
        PID:5300
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        22⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        22⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        23⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        24⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        
        PID:5448
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        23⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        24⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        24⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        24⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        25⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        26⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        27⤵
        Views/modifies file attributes
        
        PID:5900
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        26⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        26⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        27⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        28⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        27⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        27⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:6116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        28⤵
        
        PID:1056
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        29⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        29⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        28⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        28⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:5200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        29⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        30⤵
        Drops file in System32 directory
        
        PID:5540
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        29⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        29⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:5608
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        30⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        31⤵
        Views/modifies file attributes
        
        PID:5780
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        30⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        31⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        32⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        31⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        31⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        32⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        33⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        32⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        32⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:6116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        33⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        34⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:5492
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        33⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        33⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        
        PID:5468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        34⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        35⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        34⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        34⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        35⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        36⤵
        Sets file to hidden
        
        PID:3940
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        35⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        35⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        36⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        37⤵
        Sets file to hidden
        
        PID:6148
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        36⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:6164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        37⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        38⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:6224
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        37⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:6328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        38⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        38⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:6472
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        39⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        40⤵
        Drops file in System32 directory
        
        PID:6600
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        39⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        
        PID:6620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        40⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        41⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        40⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        41⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        42⤵
        Sets file to hidden
        
        PID:6900
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        41⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:6916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        42⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        43⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7044
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        42⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        42⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        
        PID:7060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:7112
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        44⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        43⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        44⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        45⤵
        Drops file in System32 directory
        
        PID:6360
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:6196
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:6344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        45⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        46⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        45⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        45⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        46⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        47⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:6796
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        47⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        48⤵
        Drops file in System32 directory
        
        PID:6360
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        47⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        47⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:6332
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        48⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        49⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:6948
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        48⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        48⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:6656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        49⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        50⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        49⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        50⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        51⤵
        Views/modifies file attributes
        
        PID:7176
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        50⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        50⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:7192
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        51⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        52⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:7248
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        51⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        
        PID:7340
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:7388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        53⤵
        Sets file to hidden
        
        PID:7468
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        52⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        52⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        
        PID:7484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        53⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        54⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        53⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        53⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:7632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        54⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        55⤵
        Sets file to hidden
        
        PID:7792
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        54⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        54⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        
        PID:7828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        55⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        56⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7988
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        55⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        55⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:8008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        56⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        57⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:8072
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        56⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        
        PID:8168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        57⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        58⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        57⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        57⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:7200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        58⤵
        
        PID:7344
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        59⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        59⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:7384
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        58⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:7492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        59⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        60⤵
        Sets file to hidden
        
        PID:7996
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        59⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        59⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        
        PID:7892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:7832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        61⤵
        Drops file in System32 directory
        
        PID:8012
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        60⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        60⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Modifies registry class
        
        PID:8028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        61⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        62⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:7552
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        61⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:7528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:7192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        63⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        62⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        62⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:7492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        63⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        64⤵
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:7212
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        63⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        63⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:6304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        64⤵
        
        PID:664
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        65⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        64⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        64⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:7212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:7196
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        66⤵
        Views/modifies file attributes
        
        PID:7368
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        65⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:3952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        66⤵
        
        PID:2320
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        67⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        67⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        66⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        66⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:8244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        68⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:8376
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:8304
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        67⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:8396
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        68⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        69⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        68⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        68⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:8548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        70⤵
        Sets file to hidden
        
        PID:8676
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:8604
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        69⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:8688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        70⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        71⤵
        Sets file to hidden
        
        PID:8828
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        70⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        70⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:8844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        71⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        72⤵
        Sets file to hidden
        
        PID:8972
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        71⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        71⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:8988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        72⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        73⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        72⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        72⤵
        Checks computer location settings
        
        PID:9136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:9184
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        74⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        73⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        73⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:8384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        74⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        75⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        
        PID:8440
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        74⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        74⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:4648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        75⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        76⤵
        Sets file to hidden
        
        PID:8704
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        75⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        75⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:8736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        76⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        77⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        76⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        76⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:9020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        77⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        78⤵
        Sets file to hidden
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:7740
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        77⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        77⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:8276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        78⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        79⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        78⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        78⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:8292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        79⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        80⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        79⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        79⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:6080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        80⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        81⤵
        Sets file to hidden
        
        PID:9140
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        80⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        80⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        81⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        82⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        81⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        81⤵
        Modifies WinLogon for persistence
        
        PID:5248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        82⤵
        
        PID:8616
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        83⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        83⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        82⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        82⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        83⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        84⤵
        Sets file to hidden
        Drops file in System32 directory
        
        PID:9284
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        83⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        83⤵
        Checks computer location settings
        Modifies registry class
        
        PID:9304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        84⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        85⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        84⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        84⤵
        Modifies registry class
        
        PID:9448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        85⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        86⤵
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:9576
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        85⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        85⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:9592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        86⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        87⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:9724
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        86⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        86⤵
        Adds Run key to start application
        
        PID:9740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        87⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        88⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        87⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:9888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        88⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        89⤵
        Drops file in System32 directory
        
        PID:10016
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        88⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        88⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:10032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        89⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        90⤵
        Views/modifies file attributes
        
        PID:10164
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        89⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        89⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        
        PID:10184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        90⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        91⤵
        Sets file to hidden
        
        PID:1980
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        90⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        90⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Modifies registry class
        
        PID:9380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        91⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        92⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        91⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        91⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:9488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        92⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        93⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:9876
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        92⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        92⤵
        Modifies WinLogon for persistence
        System Location Discovery: System Language Discovery
        
        PID:9764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        93⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        94⤵
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:9896
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        93⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        93⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:9884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:10080
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        95⤵
        Sets file to hidden
        
        PID:10208
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        94⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        94⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:10224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:9600
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        96⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        96⤵
        Views/modifies file attributes
        
        PID:9768
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        95⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        95⤵
        Modifies WinLogon for persistence
        Modifies registry class
        
        PID:4308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        96⤵
        
        PID:7820
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        97⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        97⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        96⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        96⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        
        PID:10200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        97⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        98⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        97⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        97⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:6252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        98⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        99⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        98⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        98⤵
        Checks computer location settings
        Modifies registry class
        
        PID:6748
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        99⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        100⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        99⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        99⤵
        Checks computer location settings
        Modifies registry class
        
        PID:10256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        100⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        101⤵
        Sets file to hidden
        
        PID:10384
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        100⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        100⤵
        Modifies WinLogon for persistence
        Modifies registry class
        
        PID:10404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        101⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        102⤵
        Drops file in System32 directory
        
        PID:10532
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        101⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        101⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        
        PID:10548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        102⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        103⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:10604
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        102⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:10696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        103⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        104⤵
        Sets file to hidden
        
        PID:10824
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        103⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        103⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:10840
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        104⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        105⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        104⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        104⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:10988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        105⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:11128
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        105⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        105⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:11144
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        106⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        107⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        106⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        106⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        
        PID:10208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        107⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        108⤵
        Views/modifies file attributes
        
        PID:10536
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        107⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        107⤵
        Modifies WinLogon for persistence
        
        PID:7436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        108⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        109⤵
        Sets file to hidden
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:10592
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        108⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        108⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:10772
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:10712
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        110⤵
        Sets file to hidden
        
        PID:10864
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        109⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        109⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:10880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        110⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        111⤵
        Sets file to hidden
        
        PID:2836
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        110⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        110⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        
        PID:10984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        111⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        112⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        111⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        111⤵
        Modifies WinLogon for persistence
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:6756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        112⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        113⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        
        PID:8000
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        112⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        112⤵
        Modifies WinLogon for persistence
        Modifies registry class
        
        PID:10856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        113⤵
        
        PID:10828
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        114⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        114⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:4492
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        113⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        113⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        114⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        115⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        114⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        114⤵
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        115⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        116⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        115⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        115⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:6756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        116⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        117⤵
        Sets file to hidden
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:4400
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        116⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        116⤵
        Modifies WinLogon for persistence
        Drops file in System32 directory
        Modifies registry class
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:10840
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        118⤵
        Sets file to hidden
        
        PID:3228
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        117⤵
        
        PID:212
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        117⤵
        Modifies registry class
        
        PID:10172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        118⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        119⤵
        
        PID:632
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        118⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        118⤵
        Modifies WinLogon for persistence
        Modifies registry class
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        119⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        120⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:8372
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        119⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        119⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        
        PID:8220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        120⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        121⤵
        Views/modifies file attributes
        
        PID:8520
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        120⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        120⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        121⤵
        
        PID:8820
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        122⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        122⤵
        Sets file to hidden
        
        PID:8220
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        121⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        121⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        122⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        123⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        122⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        122⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        123⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        124⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        123⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        123⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        124⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        125⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:11564
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        124⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        124⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        125⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        126⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        125⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        125⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        126⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        127⤵
        Sets file to hidden
        
        PID:11864
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        126⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        126⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        127⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        128⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        127⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        127⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        128⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        129⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        128⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        128⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        129⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        130⤵
        Sets file to hidden
        
        PID:5552
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        129⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        129⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        130⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        131⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        130⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        130⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        131⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        132⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        131⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        131⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        132⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        133⤵
        Views/modifies file attributes
        
        PID:11876
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        132⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        132⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        133⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        134⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:11920
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        133⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        133⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        134⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        135⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:12024
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        134⤵
        
        PID:736
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        134⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        135⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        136⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        135⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        135⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        136⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        137⤵
        Views/modifies file attributes
        
        PID:11568
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        136⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        136⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        137⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        138⤵
        Views/modifies file attributes
        
        PID:3948
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        137⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        137⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        138⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        139⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        138⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        138⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        139⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        140⤵
        Views/modifies file attributes
        
        PID:2732
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        139⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        139⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        140⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        141⤵
        Views/modifies file attributes
        
        PID:10116
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        140⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        140⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        141⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        142⤵
        Sets file to hidden
        
        PID:3172
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        141⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        141⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        142⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        143⤵
        Views/modifies file attributes
        
        PID:11460
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        142⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        142⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        143⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        144⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:10160
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        143⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        143⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        144⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        145⤵
        Views/modifies file attributes
        
        PID:6764
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        144⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        144⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        145⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        146⤵
        Sets file to hidden
        
        PID:7008
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        145⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        145⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        146⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        147⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        146⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        146⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        147⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        148⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        147⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        147⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        148⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        149⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:12480
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        148⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        148⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        149⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        150⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:12632
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        149⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        149⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        150⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        151⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:12776
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        150⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        150⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        151⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        152⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        151⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        151⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        152⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        153⤵
        Sets file to hidden
        
        PID:13068
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        152⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        152⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        153⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        154⤵
        Sets file to hidden
        
        PID:13236
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        153⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        153⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        154⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        155⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        154⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        154⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        155⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        156⤵
        Sets file to hidden
        
        PID:12532
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        155⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        155⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        156⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        157⤵
        Sets file to hidden
        
        PID:7580
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        156⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        156⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        157⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        158⤵
        Views/modifies file attributes
        
        PID:12964
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        157⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        157⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        158⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        159⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        158⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        158⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        159⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        160⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7276
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        159⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        159⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        160⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        161⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        160⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        160⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        161⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        162⤵
        Views/modifies file attributes
        
        PID:13132
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        161⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        161⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        162⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        163⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        162⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        162⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        163⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        164⤵
        Views/modifies file attributes
        
        PID:13132
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        163⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        163⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        164⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        165⤵
        Views/modifies file attributes
        
        PID:7580
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        164⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        164⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        165⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        166⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        165⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        165⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        166⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        167⤵
        Views/modifies file attributes
        
        PID:10708
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        166⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        166⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        167⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        168⤵
        Views/modifies file attributes
        
        PID:13448
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        167⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        167⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        168⤵
        
        PID:13520
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        169⤵
        Views/modifies file attributes
        
        PID:13600
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        168⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        168⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        169⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        170⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:13740
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        169⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        169⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        170⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        171⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        170⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        170⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        171⤵
        
        PID:13952
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        172⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        171⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        171⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        172⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        173⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        172⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        172⤵
        
        PID:14200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        173⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        174⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        173⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        173⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        174⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        175⤵
        Sets file to hidden
        
        PID:13324
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        174⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        174⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        175⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        176⤵
        Views/modifies file attributes
        
        PID:13680
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        175⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        175⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        176⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        177⤵
        Views/modifies file attributes
        
        PID:13776
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        176⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        176⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        177⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        178⤵
        Sets file to hidden
        
        PID:8048
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        177⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        177⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        178⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        179⤵
        Views/modifies file attributes
        
        PID:14224
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        178⤵
        
        PID:14092
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        178⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        179⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        180⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        179⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        179⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        180⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        181⤵
        Views/modifies file attributes
        
        PID:13740
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        180⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        180⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        181⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        182⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:14048
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        181⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        181⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        182⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        183⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        182⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        182⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        183⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        184⤵
        Sets file to hidden
        
        PID:14216
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        183⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        183⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        184⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        185⤵
        Views/modifies file attributes
        
        PID:14100
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        184⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        184⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        185⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        186⤵
        Views/modifies file attributes
        
        PID:14100
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        185⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        185⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        186⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        187⤵
        Views/modifies file attributes
        
        PID:11452
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        186⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        186⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        187⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        188⤵
        
        PID:14376
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        187⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe
        
        "C:\Windows\system32\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe"
        187⤵
        
        PID:14392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        188⤵
        
        PID:14440
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\MSDCSC\MBzeYmsBiawB\MBzeYmsBiawB\msdcsc.exe" +s +h
        189⤵
        
        PID:14520
        
        C:\Windows\SysWOW64\notepad.exe
        
        notepad
        188⤵
        
        PID:14448

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\MSDCSC\msdcsc.exe

Filesize
660KB

MD5
a39e406a9096eafa928a424f806c7282

SHA1
1e5ab6834818e098b27c1c0ed616a8456ee40dcc

SHA256
e607408e4c002676eb8c7f1a61f5a2c1d2c52b262ca98f71e5218297ccc96bc1

SHA512
b373670d309f7787b7a64d0db7bacd8bfb4d9695a96c9cc10d190b78ea0c3947954a1dcd4be352eb193a3c377f3c51f34387833d16c0f3b79d4189611a4839b5

Download Submit
memory/220-211-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/996-186-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1020-196-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1172-220-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1336-202-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1440-238-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1520-125-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1568-205-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1736-62-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1736-0-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2640-226-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2680-235-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2708-189-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/3056-214-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4420-208-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4444-271-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4548-229-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4612-217-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4832-3-0x0000000000C10000-0x0000000000C11000-memory.dmp

Filesize
4KB

Download
memory/4924-232-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5032-223-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5032-199-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5052-193-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5160-241-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5200-262-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5316-244-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5468-247-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5608-265-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5620-250-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5768-253-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5904-268-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/5916-256-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/6116-259-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads