Analysis Overview
SHA256
084c98843a6c5ef5db7af05b162b448a91d3eeb441936a40c60bf59eab1ab4d3
Threat Level: Known bad
The file 2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Kinsing
Renames multiple (79) files with added filename extension
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
System policy modification
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:33
Reported
2024-01-25 17:36
Platform
win7-20231215-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe | N/A |
| N/A | N/A | C:\ProgramData\BuAQUkwY\OosEUwIo.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Run\HAEwYIsA.exe = "C:\\Users\\Admin\\HUwYcIEU\\HAEwYIsA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OosEUwIo.exe = "C:\\ProgramData\\BuAQUkwY\\OosEUwIo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OosEUwIo.exe = "C:\\ProgramData\\BuAQUkwY\\OosEUwIo.exe" | C:\ProgramData\BuAQUkwY\OosEUwIo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\Run\HAEwYIsA.exe = "C:\\Users\\Admin\\HUwYcIEU\\HAEwYIsA.exe" | C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe"
C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe
"C:\Users\Admin\HUwYcIEU\HAEwYIsA.exe"
C:\ProgramData\BuAQUkwY\OosEUwIo.exe
"C:\ProgramData\BuAQUkwY\OosEUwIo.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QsUckAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YgckwYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmsogMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mIMQkAUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nIcEEkMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pCUcsYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIsYkIAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WeQMEEQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wooUccIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCEsgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-353244242-1744012757106025348-1625494322-10385515811652748658-988705570-636352235"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nkgEYcII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1349613181-841877315-1277220944-1333856059-2005113749-1755170603618604873-282216291"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8875860701928475797-61429440617214076341324177983-7090304859226358551514074669"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pMkkcYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWUsEUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1771182617-1881230425-623200348864601729-2953190809930272571098524121159037496"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkowkcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IowYgYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13928120530493563035644372495208193-560662062-14933154721811983663414449869"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-524612276-363998402440726673881364667-1023987969744105659963633086581005848"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XWwIMEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "122264360-1366193312-600552946-838043970-1041616110-11422827303427599551805744411"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DiAYIMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-533620160-506401918-256471106-1257081341-427636153-2063402529115621984-348039752"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "947290260229499435-14176965706745709391530729378-1153375320-1186743126-1817063729"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iWMskgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "562587348-1539446232-17840727182113939467-15875894491183653779-1635384101927714641"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "90418386420614888421169302896-3559046781413343845-690092182-14451443096821390"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeYQwIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IicIAMUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13009444071064602786-13883614151334419420-6658459151986657429-11623857491678372212"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oqYsoYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KUYgosII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-458758607-2027079746-1393635150-1874617797-6135432431949349128-1863265535-27483599"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tigMEUoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2121489088405314280-155059888436146926-1395891480-8278370162048935767937883108"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "193209556981685459-4282879281855177165-838432609-598907160-2072217580-356277877"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pqQcsEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xSEkMAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkAwYAIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19352650194486431291155569596-1489018424358159540498488785-16013908471514114994"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YukgoYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aiYYoMMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DKAgAswI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NsowogsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qucMsoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "569202192-5117149082037880541412561915-1184803791863977228-14187674951141743876"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DqAIQcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgQIcAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1541128780-12160056827039084438159914318892204071987288768-1285754548-726450431"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3389196441860904722-2137157300-1556532119-935749575435308401-9387653161258503326"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CqwUAIAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMkkYYkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2129936639-134181024-83658136143679745-1286825293-23290141318274218941706850744"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ykIcogkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ESsMQYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6148600264681983711029367931-1255032716-971865797-280406056216337519-1934131517"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PAEUAsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PugkIEYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "672203567168987435617844038031987039924-1110373817-2064401106-507656311838818142"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fkgsYAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DgsoEQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-513019131160254219228553312613180063651469262898861016373-1314242093-106404839"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "374274566201045415-1053514142-1525860014345467621-1053310823927132356-230074555"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZiEwwUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIoYcMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1714408165-6162313221423784340-998639939150687782-1219560549-1087325775681983907"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HSsQskQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16374947311014360797-19128870111046754246-582420316-1502372500-1473093910-1614418736"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "125211929710825904461366911950964911104-20201851366487375461031540759794519694"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gWkskQok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZuQckswg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1906013451277406859-64186376-1229466240-6675988731258062179-64498251-328220857"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13098750611922060507113519156-1097896932174278274-14735730431658836321564889762"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YKMIoggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YooMcMEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18053404421955464692-364026364-8439369152865805251331991975-197072869163580516"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1838979230973673206-99224212-181860789644888589682239662717468117792113701045"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bKgEgIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKUUgUoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nYEEowok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2802777031029621700-63600172425214259-2071018508-2111487504-602937571314595700"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3749753309589203931146728743153265730018516806291705302608-1104361965-91911931"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "148884796-43807240204316638113091759803184374901581617721635529597-1570090969"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQkcMcUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-604684747-1956694566-1093676358-55086529415353595311684890002-7288137801454446397"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SUEUMUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEggkcoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UmMkkcEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMoIkIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywUkgsgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jKUcgUUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JcwQgYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZgoQMIQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17153640926895226141341039068-1820438032201392061434765221-966067272225550269"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jKAUwkYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-520976641174260772032462089-1359229793-3727195201815762041900033798161328883"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18760511661297585201557771736251935313-1222565157518872245-1319257595-1187584140"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bsAcsoMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SwkccEEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nMEEoIAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "266355883-1258459473899364686-104804043-1174165305-44530329-558158182-978953550"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUkkcocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1721255906-1050252722-1451179709-11350566542001756857508700239-1450393276-528158740"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-130472431113884410601438710808613387553-1564196890652123831-1230118407469488948"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SAwwIsMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-578680939426898156-18567183781150697183-1333021117-1349958957-19433541981247394505"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMEkswYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FesUwkwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1088875028-277936776-48786848-97986900910428392-89750442614837494561182678723"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "956536178-770438135753815317-538528754963939759-14801278381104702821476311828"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yUAcQIYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LMkIkIsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OsUoMoEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bAIcUoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1912217564-93298138051286292516025841941775431430-508397209-41041578-1883404585"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uiQwUkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-357446631-1144146657-163124268-83847333217575134131960471043-1723590847472924784"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xMwcEIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12451716411114862942-1851341601150665943040910544283380667-19335686971982197430"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuQMQQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOcYEsIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usUEUYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1743070173-1362421953-209941535375103364-1951963291313590938-29104030-1782856266"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FyokEEAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1530265457-747358867-5045265512059136563-1770022096-1200158922-1073765695-725311039"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMQcgQUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecIkAUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FOAQMoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-355852296-1558200945162263634010048459181800030016-68457808655925007679973121"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsAksMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1793011641463658317-14415421351423540708-1882254842663894761578544109-688867901"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZUkMAokk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-45178228213577748491721759259-957169968-810135404-108502438711286572411289119548"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIQkQQEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fqwwMgow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1824189282504126605-485696629-1126408210-11528415721003679732-898492982180923442"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2066273151-2008936985-36854029217223992801627007287-14467467273524610051447022610"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1886829692831988728-1752093085-1823247217-1249136142-1316005120-350043229-1707722950"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19295884781493789585-13592948191831061000-6175711991755923228-81266717-661366394"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqEoEYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2511438591843941946-405906990-141678221997712415-1181008544-375811662-1396727994"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1652169789538918664-1624352279160244123711659560-1358805658340725539381633827"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-504648447395882401451979682246628462-1333191950-15464207661679943318-1551159911"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15404256571455709267-153855723-257350779493426123-147680552910107309041768056472"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1889704807-18663021131704681946-473068166-1892781913-1525488456-187773878-1903987309"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148832615514106977251371306128-5529230531469520344-186898761375972789911055457"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RkEMAEMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-403393577552092300-75276788021146591861211756124-461911451-1251988736-1520949178"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSkAAYsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9587630521062818331590532992-20953847891055594488-97066599311207552001399782659"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-106025875914652338391640142525-1589659994-6926230361970912943423955651970935890"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QAQUkows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1555854563529315552-1803920439-468600466890192571-800905372-16133782541566462907"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FUIYEIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2028873816-6434327521283002940-1763206791-143162264918809594881906604257678941641"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-464425853-15967231-853278997-1401174870-1278608598-1359225182-2043513529814028178"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-464806121353552534-1347601327-91743262-8504609-2003799619-20647009621566688990"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGwQEAko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-601344317-43219034-1629335898-8863594556229616912014525210-372450579228843951"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAsEMgwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19369546211516796140-2063443542-995457069-483663974-893011775625844637-1769177506"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8935808421440540674170386298611081872281593302556-1367615448-1175301010484883828"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10975552551467897000-14051784031935126585-596768224-15999856691499757609-1925535781"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "527984949-55059275114998269971804450089-552481484-1717791154564868490-321778431"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1430054074-14241915311659494715-313876129-346866562-20116583114497442914099427"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "262695510-1703421951-191319316529394314-734031544-920638641935112164-780487585"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1753367108-1736224082-182577252011932050461689784604-903049445-1346468855-386798706"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\taMsUAEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1601711644-90654588-85361876-1436799206512704365-3685946301448840084-695165611"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "189040340912517585971906042286-1464470383-1377029764-68976615815133427201324095989"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1127849551-2023134817-542902113178528853816871499771403071044806551224-363348188"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1690647574-797603802-1866322860-19878664969488587861118898275-282496578-779858564"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1665057618202957975712440564501016810991-259987215-210151785-2018399550506152890"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-299538794-21282070311746752519-17928552797413551261619908663-19018387801253279883"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1342496315133980027789315043-2096226733-142263537212171006521548102426-1311939289"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JGEwUksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "74162340-1655671914214947832-1807470904-37019366-1748865266504073784197922239"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SascMIgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-124792650-2346381831303024325-2124328127-1903909086-7816099081030375984795088274"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "625582424301041080-4463449231269117564-190730232-57309219924904624-1705642098"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-206293929471972647199379787545843205111244607803338515178629553151020887709"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VeIUUEkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kiYMEMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "95997552-1601734230-17524086751206716916197977992237147798431723501-1890342520"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1984124301-52382806-1318896408-1444160998-1683790267801332143-547226820-1346158395"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcoQIMUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5545463825448860898674057011277629564-1321099462-479175221-215972594-2043814024"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IoksUQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5920500661697699481-738397276-12969618797307036342006699637-367281308-917282500"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\buosMogI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4114726201480181959788323785189846193718885334101742660184-656277031-1891790023"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13870267071777664433130556271970537528820744737651185529884-1146275110-2093962297"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-559209373-1163039228830748629-1621165902-701627263-8581232313231764461692166400"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10022757271282429697-2039351294-627405502273532079188652189414560513312117385742"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HQAoMMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2032401482-2126225660-17118459131084735157-2112959983895786475-20010390081578193861"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YWQUssoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "465792622578571172941759558-53986045-2002306381964393953-434511705881464296"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16661235131183162601-874035771-1095742547-1617722746219427207-651409117-1079654119"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vqEIIkAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9349013671080081525446010888-354940635-1468505333-685484273-1150335775-1678326698"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ssEMgYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16865515872126359439381181524-20503095191365828954-1862658802-45114420-1615516263"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19929247201620292895-1896110580-1053344207-1285321406-428486524-1585070915-48672995"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1463896534-1615022981-161606020307729083-5130746482028967513111120866523164616"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECwAAocA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1649392957387010310-1957527137-3661016202012595028-40627694329816778-820098754"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MuMYkIkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1258355776-155049099618639771084286419161860519280-1378134714-187285915112664114"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AQoccQko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1444730406-1989791516-2047897426143293763-465722772-19195597691917373668-934243057"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Ecckooko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "722740502-431197265-2864980641845999695-1216286986-2027654627946158779-1184882070"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "569804569905116160-637502054-1805642385-350030658-11789643971178497748-1057729154"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XIMMYcEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19593358402000349518308583698-8434485431499885370-1849032900-8775947461462037375"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16061719481149331865-18695125661964026201-6100721882682857381750968790-1882591446"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-107929920980685403115627974039251840592079941511312003732-1546165860486184067"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gkoQMYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zQwEkIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17691168215485469491681400651-20744577121130594489-1911794990934080068-1116573049"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-711731950-4979691531079486153-1579701798-580091781049251444-1301153103-1977558864"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8433840314276112521478086059785928990-1990847429-149862333-687390903-2102675067"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14745852603949671238262689821024324790768835280-16613894031685025943-1707564404"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kakkwksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1177294507-1807291293-1633333257-1819892886-568197744-2135633165-1569696023280411446"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-53483290014919402321788542561-765020681440324996-3347064331865370610-1791425357"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7478525172103851822-495043839-236853026-774687306654190466-1687291935385055301"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-207989420582773698812515399851937436859-653183967-446727707421778811299466898"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oIYEwEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-689551754163403790-13539848771521639161-1622483032490964701-19798572979043998"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQYwUEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-549916037-1374742676-321748142-2043696211-186252493-2107612724681969133-309742069"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "803301689-762333325-199726710-1860543890864788332-12711953181550621411610663666"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "806956413-1553847781463499187-1726647774-59036887140348744150122140551098199"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1057435370-227383650-1453750852312058362-1728758560-502708210-515342081640454575"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18687541582011723964-201435861738943353-1998044908570987511-349140434-1929957359"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1516-0-0x0000000000400000-0x0000000000437000-memory.dmp
\Users\Admin\HUwYcIEU\HAEwYIsA.exe
| MD5 | 1f899e1d3f15caef4b3d5d0968803ebb |
| SHA1 | b1a05e88f2b6dd88974cc0f131ec41c104e8a95d |
| SHA256 | b178efaf0beec362a949e2593c8839d2504f93790dcbc09d4595620cf66db316 |
| SHA512 | 5102654881438cf2f8568ffc368c5310d5c15bfa911cc1555b34de4894c57e1ca007789dad1636a57ab5b6db233176d780776c13b29d39e08c1c9a9f7753d24c |
memory/1516-4-0x00000000004B0000-0x00000000004E0000-memory.dmp
C:\ProgramData\BuAQUkwY\OosEUwIo.exe
| MD5 | efe06f447b52838231f82ad11d23805f |
| SHA1 | c5a40524c207401b154e8695a0ee4ff085abe02f |
| SHA256 | c5113cf9c2e609adac2d07240860d5c544d6ae1da44a3a07f1896afc6f7eb0ed |
| SHA512 | 3ab1f1fc2753f107db32cecfd52609c99135ac2b88a9a0fa9f7f198ad4149c269fea91373db23ff707a4c497a2cc3592513865c0cf881edce55b45e6e30951ae |
memory/1516-27-0x00000000004B0000-0x00000000004E3000-memory.dmp
memory/2704-29-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KiIMkUYs.bat
| MD5 | 42a508277ec5285e70847cfdca59cc48 |
| SHA1 | d21c361c3600a3bee607450414ff51b11613a2bd |
| SHA256 | 3bc54638cf7f59056a13bb27589b04ff181369547fdc04a1e112649325ad8da2 |
| SHA512 | 74921d541279190dc5f6ac178857c00e2de390c048e646d620285c84c610ab53ad6fad83773d85f673972c95957b8fc1a21423b9c6400ceb7883a86bbd6b3e87 |
memory/2676-41-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1516-39-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2988-40-0x00000000001D0000-0x0000000000207000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QsUckAwU.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/2988-31-0x00000000001D0000-0x0000000000207000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VikkwAow.bat
| MD5 | b7b0714f236bc834a6bd11d24ca346d9 |
| SHA1 | 25dfb0a7f2c962980c453012d48c0ec0df1a21b2 |
| SHA256 | c0d4c2d1e3296a000871141d84a9cf53ac6436d0861fd1f8ac8486eaf6784c5f |
| SHA512 | 77487a426cd209e31145d1f68ff7b22d4040b847bc1189a89f99f3568f38ae779f948cdd7bea5ba09077ba0aaa5f93218aa3377fea99afdc8969b1cbf7383b68 |
memory/2924-57-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2972-56-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CMEcwoIE.bat
| MD5 | 26650fabaa12bb4f92bd7631e74772d1 |
| SHA1 | b0a54b505655cbbd2b9b2f7d877c45d096848d82 |
| SHA256 | 27429a24e32a05d3aad1bd21c58a78eec76a14517a9b3cb8ee342a951d660613 |
| SHA512 | eabaa86f43c72084ec86902d23053b2fd2dc299d3db2ac6a4451994b6cb2ad3b3ca5a52dff5a4f28945320820e37b8bab242342ac6b8eb163578631d24311bb3 |
memory/1468-82-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2924-90-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TywMogoQ.bat
| MD5 | 178582097469d14fcfb95eef3618f6d4 |
| SHA1 | 852189c22160c85f6243804526a92d498b0ef663 |
| SHA256 | 40777b08e71b9360f386c9fce99bd9ccc03c3564793d28032e15b0b62188cbc3 |
| SHA512 | 7c4bc0fdb78e13c4b66d8b9e6b99158f9f4bbf996a39b608dbbc68f49272e2d464dcdfcdb64fb4377d28a992fec0389221da44f1bfeee74dead53b6e2ec389c4 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
| MD5 | b1d0a5c199d9edc1a273e408124ed491 |
| SHA1 | 82dbeb87395618e9292b9dd7a414086ae43cf412 |
| SHA256 | 512c67620d9906aa3db4ebc6839e4a74c832e750d4805c77d6de0e6a76740d77 |
| SHA512 | 3c3eefcf3679d578fe6d4891071ee4bf2d6e7ae9366affee4838f7a161005035a390aaedbce5527f55fdbd622bcfc47a86b094feeb7f7f454bc71bcdbfd746d5 |
memory/436-80-0x00000000001E0000-0x0000000000217000-memory.dmp
memory/436-79-0x00000000001E0000-0x0000000000217000-memory.dmp
memory/2676-66-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2492-105-0x0000000000160000-0x0000000000197000-memory.dmp
memory/1468-114-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2316-106-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2492-103-0x0000000000160000-0x0000000000197000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dysEUEYI.bat
| MD5 | 92110dca474e853fbb0871cb1b38856e |
| SHA1 | e9c6d3491c3480415b475ec50d54af07ad373ce3 |
| SHA256 | c71f88ffc581c939b29a0fea125eafff7227bd05831d6dd5f7d6c1e282ea6182 |
| SHA512 | 581bc4f40f87b0e796d56252f1816d226dfcecc94857a881b74c3733a9461cadd9e86b30f2b70c8a349f03e0280e801a431c4f25f2a37d033377ed98514c246b |
memory/1660-127-0x00000000002F0000-0x0000000000327000-memory.dmp
memory/1932-128-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2316-137-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yqEEAMQE.bat
| MD5 | 900867d23a81a0968816270d843c7f7b |
| SHA1 | bcfe33a36b2ce96dd4299ea29d5c0517f22c0f35 |
| SHA256 | 115df1518113a924198f85808c3af68d6c67310f2dea5f8fd3c08640e122db83 |
| SHA512 | 21811f40dfbc3df22bb2c626e12ce9c56181a2591ea6aa6b80508946adb75777bb69fb3912a2979798bc481a5c2b80d02e3237434ab40e45ba0eef24868ecd61 |
memory/1932-160-0x0000000000400000-0x0000000000437000-memory.dmp
memory/796-161-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1908-163-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UwcMAwwE.bat
| MD5 | 242383e91e09334b95b8e594a70accde |
| SHA1 | a06dc4fd8d859cd14e5c59ef68f70526afa42586 |
| SHA256 | 42e8dc5b2bbd3ca48f7c720cde151d0bd6abeb231f889c683c1718a51c9d6fcd |
| SHA512 | 2767f000d1b036aaacec27a3ddb6335154aee3c62745a587179c9f09d64cbc8eeb44b440cf9d6d95aa2cba979016ce1d55ae2abe237ce166bff2d2f0f86a7a43 |
memory/2712-184-0x0000000000180000-0x00000000001B7000-memory.dmp
memory/2712-185-0x0000000000180000-0x00000000001B7000-memory.dmp
memory/1908-183-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2816-186-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pqcIEYoA.bat
| MD5 | dd90a67f0ef7955ada1eae0997bfaa67 |
| SHA1 | 1241da15cc6d2141aaf1f48812c91e5dbbd7e653 |
| SHA256 | b1d6ec0b5a9c63fd9fc4c78f58bdda123077495bba2f9e71c5024645134965b7 |
| SHA512 | bcd90d001f122a5762de72e2d67a2d7674252eff5f00cf4e751b295f02bfd1cfb77b3a9acda0d4a5ed639ea95e90d73199680028cc6cc69dc760e40e8c828ed1 |
memory/2184-211-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3064-210-0x00000000001B0000-0x00000000001E7000-memory.dmp
memory/2816-209-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JCskcQwY.bat
| MD5 | 3fedb4d6167c8b99abed58631c0a2fb1 |
| SHA1 | 4518a8ec67d1367304784864a60fde7d8acb1c79 |
| SHA256 | 53d7bf9cb8786be5286d1f4307c86b12fa2c5341bdde9fecc2049613b93ab2b5 |
| SHA512 | f2b7713f57c91ec80b53e371bcdc10608302a1b18b056a2fa4e04534ee1bfa4ee7cafc936c667b7691242332c8b8ca05dd5a5444a1822e2efda5f4db207ea7ff |
memory/2184-233-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2972-234-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2808-225-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aUYkIAos.bat
| MD5 | 37705a4cf19b8d92ce9520169dec90d4 |
| SHA1 | 158519e4a83bb68f0b67eebe2a9dc04180aa0c47 |
| SHA256 | 0635f07c3bcf2b6037866a57c3d6367c5e7042b60d57fd4d4d1f26a686059ad1 |
| SHA512 | b9698d7f1ce4532545b6e9c33f1a1903cf5904665ab4b2308341786a19befd67d9c3672847770678dc882df68ead6015d2cfdf8852ca5022c50e5961e9f29317 |
memory/1552-249-0x0000000000400000-0x0000000000437000-memory.dmp
memory/436-257-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2972-258-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1552-248-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zAgIMoEk.bat
| MD5 | 5e7e2905e8d2765b86486c757ffe4a4d |
| SHA1 | ca51780e07d80fd17a0026684b48f05824084f10 |
| SHA256 | 9b669b080b77547bf6d13a31a4e8317fd2ef29612ad392f925b3ae73695d686a |
| SHA512 | 998413083d13bd48d29fb1f46a414953b19389998ea1db4d80a5e3b920aa604a1252d40638058cb9ac4380ebf173eefd4ac3ac6c5a9ca43c8c073a6d33a74392 |
memory/1840-273-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1624-274-0x0000000000400000-0x0000000000437000-memory.dmp
memory/436-283-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ckwswwkw.bat
| MD5 | 291e0f22ef2cd6840099f4ba9eba911a |
| SHA1 | 7a0451527eef5a655e015a02b6a3dc2f3382c4dd |
| SHA256 | 644b1af36ba2710ead4e1217c4299d630b9737f4c8b9df4499deb9106112db98 |
| SHA512 | 8d4a263eee2ff55f5e6e9f29d6fa15fe10705633e8a6722cfb802e116003e70a83363bad2b83d1e13a8fb6aea51ab2e5c90d08b71c1d9b059694f6815390f599 |
memory/2076-296-0x0000000000290000-0x00000000002C7000-memory.dmp
memory/1624-306-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1984-307-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2076-304-0x0000000000290000-0x00000000002C7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uosMccgk.bat
| MD5 | 7f5b48b96b2ab6b0fe066caa27c0d2ea |
| SHA1 | 5dfb4697d5b088892669939cc9af60ededd83b6c |
| SHA256 | 83e29e26c3b07c8385bd2685535f919d88e3c4fe0547bfc354335d74924fcc4a |
| SHA512 | 0ae51266f6237514a03c866b0c32ca1ad583a30f157b73f925601c7f756fc0a37c9d2fd155fea6391781de309d54da4e8f116b5c080075a8db71f07a05241dd3 |
memory/776-329-0x0000000000120000-0x0000000000157000-memory.dmp
memory/776-330-0x0000000000120000-0x0000000000157000-memory.dmp
memory/1984-328-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2872-331-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kmoQMIsQ.bat
| MD5 | e036d44066cc261cd3dcdc628951186f |
| SHA1 | d1b1a4b78ad7b64304ca6122d79decf925f766be |
| SHA256 | 8410785d8fd724ded1af4ea07b1efcf5ffcfacbb721c2e0f50c5b2484055a2df |
| SHA512 | 1264e43b207540771579529c84923fb31d50a6698afdb5a0c949c89be386bf979d6bb8f10716e89e3d15fa1b015b5e336e92107e0506ddec95303595137f5500 |
memory/2872-352-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1880-353-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qQsIsUAc.bat
| MD5 | e41a440e1dbef995ea6ce8b313e18a28 |
| SHA1 | 8fd3032c6d693286c8a0966a7686a08d6641101a |
| SHA256 | d47bb461de4eef9612afc193fe9119e5dfbee63ac562fca874c140fafa5a24c5 |
| SHA512 | 14b2620a19211c62646b5a32de502863e8a60e951aa1f1a42fb4a0c9d53c2b4c70b31da4738e2f5df40ca62ec9f9e83d3a0b303f3b61be608227ac1992845013 |
memory/2364-369-0x0000000000120000-0x0000000000157000-memory.dmp
memory/1880-377-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YqcYsUAs.bat
| MD5 | cd508e685c7c81250b78a2eadb52e654 |
| SHA1 | 931cc41eb6dc21c8c7ee91cc805f4ce73ce57329 |
| SHA256 | 579698fafaa52f5ac54df869048946bcd4bee5772413117d23aece19e5b5d09f |
| SHA512 | 731245007e946309988b76edc1abeb0f9179f446c196afc8d75e4da898712966ee3cb6e2e7ff8ae8ac52716ac0aedd3c3700896d9ec9e63dc4fff36d8539c6f5 |
memory/1988-390-0x0000000000220000-0x0000000000257000-memory.dmp
memory/768-401-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2756-400-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1988-392-0x0000000000220000-0x0000000000257000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bAQgIokg.bat
| MD5 | 5237435e8c07206a2a53b36008508fa9 |
| SHA1 | 14dccfb7ce6f24e36b6409c35a2db440d8181553 |
| SHA256 | e8994c2aff321b1c6d5caa17ef9b69358ad68fff6123211ceacd36c667a615dd |
| SHA512 | ecf9899ebc99d14d31cf69d422da9712ceb61b60e576b3402678e01dd4c6b01a3b02253f968b02e718f5ecd9e37d0936b3a96ea2610fae0cdaf79f2bcdd7ddcd |
C:\ProgramData\BuAQUkwY\OosEUwIo.inf
| MD5 | 9a34109f6900c2df0489fa6956f96f1e |
| SHA1 | a92e31c97631a37c6e3a61089a202c77ed3ff578 |
| SHA256 | db7f1bfb5362a69213d5f42c86e95a8be1e9a46c98520408cbb9a38fa3033828 |
| SHA512 | fadf1ac1fc8e5c9d1283ab0cca7316ea25a176635305c2fb37981e8703120e10086f70581b0a01885c9f198fae5b23fa0dd6bcd9e8c844e6cc87883785f2173a |
memory/768-424-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2292-425-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KmYIMgYI.bat
| MD5 | 76b68ae7b03bf7d8f4ca81e5095a9e07 |
| SHA1 | 5ab93e89f86e1bf3b3ce042de3068cb1b94f50bc |
| SHA256 | 4d54aea3ede030e5a950c684b4b79bb3da0ea9df54eea9a1285670ef735df275 |
| SHA512 | c6c0e52f6505ebf92a46ad9d07a741f44aca88a3a891ba82bb1ff368f0dc6bff5eab37adf84fdcb39c7df35a1d240ae82b8d87ce8be76303c22323e3056ef3fe |
memory/1544-450-0x0000000000280000-0x00000000002B7000-memory.dmp
memory/900-451-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2292-449-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1544-441-0x0000000000280000-0x00000000002B7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iQcQkAsQ.bat
| MD5 | a25c1e187ac28c34d5164ecd3652ebc8 |
| SHA1 | d501f66256edd9af36d15cde2e5e973bfd81ca3f |
| SHA256 | 43bfc976640fc494b99fbf945c44bfe78dcebf70ac450a0343f610564a91b47f |
| SHA512 | b89628fdffb90274e3864f5adce4c789b920f6b4b224fbc70b59fe464f3e4e9a99bd10d1cb09c758150cf1c5e8569c35f007c756b94971c54e9392530f5b9a09 |
C:\Users\Admin\AppData\Local\Temp\JqUwwgMk.bat
| MD5 | b053528d9cd8c260e162eb79d6b0ed03 |
| SHA1 | 871e9a31d5042bb17dcfa78a6244a1b814844927 |
| SHA256 | 73e49d3f47ca7049888926ab881b9e197dde71af247ed657b35834ddede9a6e5 |
| SHA512 | 54b41392bfdf6e00a1f58c3749d6b3ac576be6bb55bbcbcbb8618d40caa6c03c9efed7e897f80f217632ffa098fea8c49b15d26173e3ade1e1fcc898e944f7cc |
C:\Users\Admin\AppData\Local\Temp\aegksQoI.bat
| MD5 | 89670ce427c9de1b3c7233f32e375fdb |
| SHA1 | cae08a1ebe1a54d1822b6e19497b7fcc1687faf0 |
| SHA256 | b640b4eff45db3f62c264595e58e506be9b5cb7ff28aca3fe5feaf38dc8e898e |
| SHA512 | 141634a24b3f90e18107be29633423d98b1e9ddcf8cda5c5f4288ff34b93e23087a5e4c0015fb7656a4c1eb600071b0059f5be53cdc59b1de448de2e42770d55 |
C:\Users\Admin\AppData\Local\Temp\bqIIwQwY.bat
| MD5 | fbab88a1388cc76eca4068dea3661e46 |
| SHA1 | 4c69036fcdc66becabf590f506d549208bc62abf |
| SHA256 | a0861dd000fd8cf60823f6b617095ad3232c05d082994cc94f02f613b2e82a47 |
| SHA512 | 5450db55c527ed06d614329b404fe8543387cdd35c46e4235ec4b67e49e11767b65f90251c49cd776e59bbe0894d1dd06bc8d80b2c43efa6c759e58e548e1427 |
C:\Users\Admin\AppData\Local\Temp\vacwgosI.bat
| MD5 | 5f4afe494657162c8605038199012ba0 |
| SHA1 | 1c53e1431c1a990635c4fe575f65f7976ab16471 |
| SHA256 | bcb7afa24c047fd8d9cd790c3f0ccd5f5f648888794d052a3b73e9a28c962a2c |
| SHA512 | 52b21d0c81748ebc54b90cac2f11f348bec2a7a58fb3d9dd9ab0e4ade86c9f19bcdf1625fb7064b63bd30372a75470722076aef12794b4a2592792b337930f1d |
C:\Users\Admin\AppData\Local\Temp\hMAwMgAk.bat
| MD5 | 9f0e6519d6f3c08604c38b542d397c1b |
| SHA1 | 406c502dd2bb7c3dfde9c98519af6f431bb8ab9a |
| SHA256 | 6c584b815e4f645934630df6e91a8202e381c47c34461d0d29ce8d2cf6f92e49 |
| SHA512 | f94d71c46315c3fa7b050f443abdb4c01bbcab8254901fd96c1c6a55826b78891e4c0c0a20213ddb0c9bf69ad3043830bfcf1514b22b1d2b9a35256f4ac74db6 |
C:\Users\Admin\AppData\Local\Temp\uQcgEssg.bat
| MD5 | 5fdbbc8525c81a0ef12b0f42e2e354ef |
| SHA1 | 1856ce296980e4e22f38197edbdd749a072698e9 |
| SHA256 | 1d9ad474370d58d6c85105d06704b450f9264c8083a437f4b7c109065ea3aee8 |
| SHA512 | b4d68abeb61b5ad5dffe8b1bba2d7385c0ee4b3565795ed394e95b18d20631d85d06b29b70782abde28acc7f6f99692c0a0b62aa0730651f961a578dd1368bec |
C:\Users\Admin\AppData\Local\Temp\ckce.exe
| MD5 | 348c288f199f1c3d88a1ddd53dfe8105 |
| SHA1 | 06101150af4570cd6bf687d759eb93f476f172fe |
| SHA256 | bc8ff6f4f7e9be5c99e2accdcd92ccfe4ab6e3ef4c247488f7a34fb038c2e2e2 |
| SHA512 | dde14d36e71d3a23f744d4b8b5f6d0ba042a03b948632da5b8b45f3724e7133b620b27ae6d33fb3297d433498d596a5ee3da158018a4f1b72c71e89c13c468a1 |
C:\Users\Admin\AppData\Local\Temp\WOUcAUYc.bat
| MD5 | 03d6d1a579c1d46aa36a087ae5c7f6d3 |
| SHA1 | 5b31a9109e061bb502f745adaf16fd44fb3257e2 |
| SHA256 | 8217eb0693384b9d25f40679316b65b3e6d9b644deda7d1d1672c9d015d7ca16 |
| SHA512 | 248fa921cca47c89c448ccc738b1a9a6078fb34bd88ba03494249db97ed441c0278fe836a9df53ab636773389f9f911a0233453fe8569f5c8474d71a71667f6e |
C:\Users\Admin\AppData\Local\Temp\lOYssgIk.bat
| MD5 | 9a7b82f51e50f6f65ebe67ec5e5b746b |
| SHA1 | de3d1dace0770db743312f8f076da0388817e8b0 |
| SHA256 | b139f82a6f19d9e591a32499ca8d6d5c5f1926d2acc5dc388c41f0c561fd20fe |
| SHA512 | 8502cfd442731d2bbec4ff7fb52cdbd83a1dee080647aa5dd4cff1e392693d26e4e225ca6de019e2e494255e7adc5fa0bfeecd455c6cf2aa5f36e6f6def7784a |
C:\Users\Admin\AppData\Local\Temp\AWAcEssY.bat
| MD5 | d41e213ebb3284e75adbf3a999444412 |
| SHA1 | ce81755b8bc8a47d4b54b887e7ea05d05abdfadf |
| SHA256 | d96e0806e476a2eb85c0fb16855a8633985c8ad53acab24da2f44aedfe8e7fa7 |
| SHA512 | ac3b11f4fa8311793fd01bb1d66ac91fc05c98fdb4649393fc06be467e3eddad1d50de81d13915db9809fd3ac9aed9fc74e08cecbe0509de0a3f69ff8e1a59c6 |
C:\Users\Admin\AppData\Local\Temp\KuIYAUwA.bat
| MD5 | 973b0d9eec9436a1b009280dffa53ed5 |
| SHA1 | cf417cbb4e009d6c3f50693db887a6cc6dd8a67f |
| SHA256 | 6b0d3c640fe9c35fb90181991cb8c7b24d25a30fbccd7f7a5018c6aba1a9819a |
| SHA512 | 5ee1e86915b317b8b629745c8d34449c4d8a8ca50f51f9114276a87bdde5fcf2336517bee09b1b12b833219b1c9eb9e9099064ea23132b1ea8e7ba8bd0c236ba |
C:\Users\Admin\AppData\Local\Temp\rSwAcYck.bat
| MD5 | 88bc7d7c02e40af35d8544f9ce02c781 |
| SHA1 | f0e71935c7af1424cc2a5f5befc6d8c185c444bb |
| SHA256 | 5fc3ec64a8a1033f46fde50f86a6d0acb7c5b7914947f1bb1eb877ff29d4e9c2 |
| SHA512 | 9331e2f6dacfd0f78cda30c2af7530c70aa942cd6cce2df97dd9736dd70f569cfccbf3d7ff3f7e13e3b2279f40eb82d08bd4d6064a76188457f5726922ecc99a |
C:\Users\Admin\AppData\Local\Temp\BIIkUccM.bat
| MD5 | dc3fd90a5a57dc0ed7c91ae28653e264 |
| SHA1 | f7150dbc490d9e605300710b8e2e2f684241dd81 |
| SHA256 | 1a70ce1523a4891c5a4e3f9e4e4ed20853cd54f023d193a5534988cc6229b6b9 |
| SHA512 | 929f088ac4002d99846b02ca4dc5b6a2517c6ed52924a40caeaae29869340f5ac3b7a6799653402e58d84bfdd9a37eb5887adf20d5e990083188832aa8cf829b |
C:\Users\Admin\AppData\Local\Temp\OgAokEcQ.bat
| MD5 | 4ea35e135bfaf7f5025985ceb90e8296 |
| SHA1 | 39985c4cbf5a7f2c8313a0ce54b6cf3ac0693e96 |
| SHA256 | 00042142914b9710111dfa6bb84e989ccb5b022ca9399d9cc589cf37601e2888 |
| SHA512 | 86ddaf9e22d4627bfbd0d7f69d13d67b315df417cbcee79360e2b85141018e4f5a7beb7f795d603c3aaba6957a441add724027d8dc4b1adeb3cd934dc29352e5 |
C:\Users\Admin\AppData\Local\Temp\dMAIIEAQ.bat
| MD5 | b58d9f46a4e90dd2fe313fc097aef74a |
| SHA1 | fb82647c4547715e706727ad37dc5b11ce5326f7 |
| SHA256 | 7bc5237b7e0b1bad04e1df9b21012b944b52a85cacdd2ab2f9a092869c828f63 |
| SHA512 | d28bce43b335530ace8ebf96610b0fbf4b51a22ee54b55d89e9f3d4b94e5028e57a751d4c83104e9f8cffcbe321aed6bbc3134164686de17e1020db3861e89c5 |
C:\Users\Admin\AppData\Local\Temp\BccMwIoE.bat
| MD5 | d86d6370d8844f954bb74a99a2b5daee |
| SHA1 | 741a3670a1cddaffad857e7a01fb2ff3e23e81d7 |
| SHA256 | c862afa1668fb626542e5e8324e958569c39b6ba90a86a300c284b0569d53012 |
| SHA512 | d6b2e7a0026c3fa4c4d54010aa02d55b0f4d3cd8eebc320c9018861468a281b0907cf6cc97f94bbbf219681c286b5704cae55159a78322d37e96c98f31f7c09b |
C:\Users\Admin\AppData\Local\Temp\RockscEg.bat
| MD5 | 4cfbb125e9878528bab91d12421134d8 |
| SHA1 | 468d79c2e0229e3ef8a5592b4df3e148050fb828 |
| SHA256 | f302f0ea1db5df02bef4e6520435b493640eff8cf840ac709d6b5e5f746b3f76 |
| SHA512 | 456f758725f611b3f01c1e5c0a87681d7d16606f92d54bd27e556665304487af14c4e4d05c88523d621c4a176be07d3ca45873be776ced94dc845f73a388253d |
C:\Users\Admin\AppData\Local\Temp\qSAkogAk.bat
| MD5 | 799d2ee926df508b0a1e96613951e39b |
| SHA1 | 3077c4f1fd2bd38335ff907a1553c93544520ea5 |
| SHA256 | 81891b46d64d2b78e0bd05938ef8b000d2364a1c236677e0378a5ae0d0afcd1c |
| SHA512 | 0eae0691e63be09be30836bab5df7e79e43a03a2f356c3fd37a53a66583c9aee5a5e21a1ce5b39622c87655710ad354c0dee0db6e7b682e11b78b954e7d4fb7f |
C:\Users\Admin\AppData\Local\Temp\VMIQMgkY.bat
| MD5 | abfdab3df1736a1d3cae5cb4a86d5a5d |
| SHA1 | e63de6d38e75109159b1b0c992e12f6f18afbe58 |
| SHA256 | ee67f1a08e8b791fe7be63d4bdfa701fdbbd1b69305effb1ebed0e96ae2b09c6 |
| SHA512 | 7c874d276a2a6f150abeccd177da95b5e31692f1816a87fd343bf7b6e7ba123dd2fa6d88d6e14d33d16fd6b4bf970bb7478abc62250112a43072ba742fc75789 |
C:\Users\Admin\AppData\Local\Temp\vosAkswI.bat
| MD5 | 01714ad9e435768874cfccdeaa3d94a6 |
| SHA1 | 2cb9dc17806b65b4cce1e3a44df30187c2dad327 |
| SHA256 | 59eaf94febb838c12d68e2c53a6429d42c02cd020eac34399e3a3c212628776b |
| SHA512 | ac3a22db8bb2fe950173aac705cd10853a22cfcdcd82f352b515ef14351298966b4cfbad6510b8cc1206498ec5597dd90f798a7454dbd1fbfb4dfcd27836afdb |
C:\Users\Admin\AppData\Local\Temp\SOskMQck.bat
| MD5 | 92f1dd300039f401cbb06d661aa2cd10 |
| SHA1 | 42efa866bb7b9d0f934bc6b98891e68c22a3f1b9 |
| SHA256 | 51ddd3255e8733891bf871a663c9373076e646adaa8b627674171e04883865b6 |
| SHA512 | 304c7812a0a41eaa7c8c8ea8fb36bae903813c6442f7705118d597c5bae0fa652298302ec81129a664461742dbeaee5f1b4ea09712fa1c27eb7fefdea3381a8b |
C:\Users\Admin\AppData\Local\Temp\XikAEMQM.bat
| MD5 | a762bb21ebae91ce5aa570d1c65661da |
| SHA1 | fc526cab23676f424fa4be6c81613d3759cf2e5f |
| SHA256 | 64c60dff7bfa67afc0c215e5c5d16c93a801617aa9ece2678ce03b9e9fe43979 |
| SHA512 | d1385215b268fb20eebfa962910d09333ce0cd6762e292ca1912b933bb477a05d95b8c8af6f8aab5206edbc8576484c7079ce23567f14e9bbe4ff21a883c46f6 |
C:\Users\Admin\AppData\Local\Temp\wiAUYowc.bat
| MD5 | 55a0e7fef30396aedc43e76c762fed54 |
| SHA1 | fc960f2606c07e48345504924605539b51f300f2 |
| SHA256 | d6b676654e293f7172838b4ee4736c515df3b99fef089f35c1fa38582a3b861a |
| SHA512 | 91d1f4308237215e1a0faec01435407d0cd7f5bda8f4ddf123766374f49de7abb2018ae58eb5fb2a4782f89ec158bc5509ee63d73a67cfd719abf1701c6722b3 |
C:\Users\Admin\AppData\Local\Temp\gCIYYgcU.bat
| MD5 | c6690ad255f100696c4cc36842e4294a |
| SHA1 | 5cc51f9ff0fc9dfc42720bdaa90fc474886f9bc0 |
| SHA256 | f120c13d83a735bfcdf312bf5cfed3e076e41b904549b682d9d18786596ff812 |
| SHA512 | 26d0604615da9999d492374a7f4d971febd8f1a2e5b80160cac577943ae533e2096a5bb8f3a53e883d8e4971e8f0d7a3d4f021d9f9abd35aae068af13c27d58f |
C:\Users\Admin\AppData\Local\Temp\feQIIMAk.bat
| MD5 | e919f454eb7dc052c306916c2133b480 |
| SHA1 | 64f265f4b95649796313e028b7959f5c3a609137 |
| SHA256 | 968af8771c3ef2908c8164c14c6e9de9e46d847190bc56a975c64463c9304182 |
| SHA512 | c300b4148ae6233555a2a7582e4b9da6785a3ee72a1a101581777ed826d5acbbd2097a09b85e06ad9085fad48b16cfa5abf5513d52c5077bd9c73e810dcb568a |
C:\Users\Admin\AppData\Local\Temp\jwoe.exe
| MD5 | 71f523331acf6c8046d874a626da2fea |
| SHA1 | 190898ee51a9febd8b22ade4e043346ba2b5d371 |
| SHA256 | d8a9fe835ae125cbc4bfa94d70f65a9e10bd271ab0f65d62499787286c424ad3 |
| SHA512 | 795948d4ed22e8560015f2eca307e5e0a44dd8f7aa688d292978ebfadc7b5291c8d3f0fe0d1acc0dc6d96d7ccefc97b19a226ea6c294a749a0c9eca6792038cf |
C:\Users\Admin\AppData\Local\Temp\Usca.exe
| MD5 | 975d70f59d1d534a68cf81e4e181cadb |
| SHA1 | 05b0ce3fb05eb9c2ba0441d5ba2b41998de3230b |
| SHA256 | b796478b386185ed8a1f3043031903e1eeedb6c2ba31808ce9c643e8fa864c94 |
| SHA512 | 6f8907d20b7c1b0a608b8e0778ffa67087f26592d2f69aa6ccb0b112953d00050b0491eb40737440554bdc7ae9e73651f4dfebbe643fbc311ac7c7a32606596b |
C:\Users\Admin\AppData\Local\Temp\ncwg.exe
| MD5 | 0a42694f457a2520aa7d57331f75f309 |
| SHA1 | 16687fdd85d2e548bff180a84abe59453cd90251 |
| SHA256 | 1300e2e2cd9d0aeff5335b0bc2830619cfbefbb494af04f54039a263c801b0d8 |
| SHA512 | 2e07b845090766e7609d35434c8c9b3cd66a0fec3d31c5d3de469e481301d98eeb0143ed755846a330442ed985bc34581d4037e3f16fc6d3bfcdbcc2692e83c1 |
C:\Users\Admin\AppData\Local\Temp\YIoogEUU.bat
| MD5 | 9102a06cf02a3df65284c0fc3131fac6 |
| SHA1 | 4365494bf283a940ef27d79bcd17138418fa13e0 |
| SHA256 | b0ecb88f30ead30ed0a035fc6e2894a90db86c2b8354606a25a07d614b022c7a |
| SHA512 | d870826c412153e197459d3d16663c6da8af70bfad30ce7b3f0c94428b33224b903d21a4fff2d021be15c6ee3e92228b80b5b0c96fca539858a5a7cb637c643b |
C:\Users\Admin\AppData\Local\Temp\TQQw.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\rQwa.exe
| MD5 | b11e94d939bc015267a188e3ce3f8a53 |
| SHA1 | ca71e70143e2396adfd7892ea2b50642f615107d |
| SHA256 | f1638f15c4458976be62d089d7996300b664b79d51fdfa051d687a3900a9d73a |
| SHA512 | db26206c4a8a0f86b91756be2600651da238616036c9f8209b199564636a42c2a10ffc968bcc6aa4fec906912d813706bb032e0b15a32ed34ab74edb3501c990 |
C:\Users\Admin\AppData\Local\Temp\WMMO.exe
| MD5 | 6cef5819c84b42d0f85c2f177ca55047 |
| SHA1 | 0e503a48d72f8c5d8b340e40191f259afcbd082f |
| SHA256 | e4ffc17174502220345460cdf4267efc1a3a1a94a76e2e232829a921e26b8992 |
| SHA512 | 4fcd189a9418c05176855e85aa458515d768eedb818d9232ab423de492dc5ab7736de900dabaff37a62f7f4d8f2db09e71dcf3897121a764532817bc8f401f22 |
C:\Users\Admin\AppData\Local\Temp\gwsm.exe
| MD5 | 777e814f968a83b540c540dd57465c24 |
| SHA1 | 5fd863c565f1e45829326b67771a4da38bf25e14 |
| SHA256 | 5656fe40a9aa4dc45dded15c76ba6d2d7bb4da1e6b7b2c7889ebdc1778c034a3 |
| SHA512 | fefbfc30b97ba88f81c395ca9accaf5bcef04ce9b0f21a50bd9b3615128fcf75eaa74a66e0530d5371f95501d7507f05b12f7b1287e5998f41c7afec1b84fdb8 |
C:\Users\Admin\AppData\Local\Temp\wqoMAIkM.bat
| MD5 | cf26c302dbedd6d6772acfc763f8211e |
| SHA1 | 5aae7641138c240e40a20054c3d5a8e14766fb3a |
| SHA256 | b2e7780d8f94f6c159570991e83d4e5595d52b9af221bf5c0aeba458db3f0512 |
| SHA512 | 2a45f46fbb52bc0bce759c4016a15a145b9aea5689685b9e0ec6993ff72b477e82b2eef3c08fa70d37a005502f44bc45a117eb1ef41982e5685192cd0013ea76 |
C:\Users\Admin\AppData\Local\Temp\NEwU.exe
| MD5 | e8bf304b8e055f0fc91673549d41ce06 |
| SHA1 | 66a5909bbffea05742293e91e0b6d72f32556efc |
| SHA256 | dfa4d5ba03139e80dc7d9c2777725b36faaefea79c8824a90c8d3649cbc9a80a |
| SHA512 | 31c13c422de592852e91f322601f861820dd2ea7ac5b075e7363561688fbfc121b4dfc8c17091798a1c0303f0f133e43b5d58e18508da1c230e241b76653f27e |
C:\Users\Admin\AppData\Local\Temp\bEoQ.exe
| MD5 | 52eb2faff39b3e6e1d60a66b68f62b48 |
| SHA1 | 50e87a42260b33c1fb7b70ce10472d94344c7fc2 |
| SHA256 | be0cf7970e27941b57d4746307b4d757382e091121e7455eb65966c65dfde87d |
| SHA512 | 0d3e026876069074fa3f03cdec0a92982b274c5e4658e7208cc3d93264a483a306de2408b66cc05de010147e4782f1b0c92216c89ee91921edbd2b28235b7406 |
C:\Users\Admin\AppData\Local\Temp\BMQq.exe
| MD5 | fed3874dd4a65945e6aff6d1ca080f33 |
| SHA1 | 3eb1acb8e0e0561701bece13c0c1705edba31ff1 |
| SHA256 | 30f45b028fe99dd552ad537d4ed2c7bbea1d0dcedee22be4086dd8a334a2250b |
| SHA512 | 240fec11b0829814959b88f08b31c2ffbca943fa00343e7f5e723c1784dc60ea7af8eae63b0539d2c52a6dbf73061118d34cb1645dc3ac61713707db7047867f |
C:\Users\Admin\AppData\Local\Temp\juwcIQME.bat
| MD5 | 54c5958f53538afb13d276470ba02715 |
| SHA1 | 1b702ed7969c475747ff1d6be9041fcadd77d36f |
| SHA256 | 46a2dd68f4f362c84300a6091a28619d079c5aaf0898b6918ce68134e1dd9241 |
| SHA512 | 9cd3f90f2263c6d15b1856bfe0c7e8d5242984c5070c984e2d4a540ef368bd919124e07fa407de9c5b733dcab54d0300221a81eb79d75f10ba55afd422a6d0e4 |
C:\Users\Admin\AppData\Local\Temp\Lggw.exe
| MD5 | 9ec4b3be3b42f6d9d1509ccbe05b369b |
| SHA1 | 75bd618e0278c59e11673a8d33846ceed6b77940 |
| SHA256 | 1942c772c71e75fd9b3528b519fbdf2b83f380aae571e3563f7c77c104fc6c08 |
| SHA512 | f07780c4054df7033a307b2158a73d0ed79b9226784557a0657ebb842a6464d08495f4056682402b7719bfb7c1a4440261352e532532bd1f9286f25ae3845c64 |
C:\Users\Admin\AppData\Local\Temp\gEEC.exe
| MD5 | 2bcd23232f0c3970244afb541afe7ec1 |
| SHA1 | 72fe2e18e44b88840408d6b3ed85641820c785e4 |
| SHA256 | cdc26011977cb133dda409fe3b8abd23ce918f1d392f74b7cc6483f550433641 |
| SHA512 | e9787c8019823a56a42b129bbe852dc9a1fbee5ba37148e78d6383eaf825ff9823738f8a8cc55d13e8cb440cef7a2d3f41a646bfe545199bd76839adf7432d89 |
C:\Users\Admin\AppData\Local\Temp\gwYY.exe
| MD5 | e47a9e0b23eeaee14cd33d62a22f4f16 |
| SHA1 | 891873a9fcf1774b8e2e8adf5a5a6b8d9455cd92 |
| SHA256 | d77ae37f19ed22989d77e6488d38b7eea128e5ae1ddf27661e21f764a74e6d6b |
| SHA512 | d08c285c0017d05153a7cbc67e71a8e289211995b82a914858a93752bc798c2715e34ddd9b08127f6b242e028b1f9da13e4726b1b7c6b5176ab173a8c70b76b3 |
C:\Users\Admin\AppData\Local\Temp\PAIQ.exe
| MD5 | 9e944d0acaa7ff2f7b1b25cf574f5509 |
| SHA1 | 1793bdb0bd913955adc3b3990173543afd7d3239 |
| SHA256 | 3e103423b597616d1addfcc7846f6a5175709eda60a9abd9e98ef586ac61e786 |
| SHA512 | be492694f60cb5554b9688dcb5e98ec97b1659634b597206178192c8b236fe957ed9506e399c1d31ff6699be0fa35a90771d548ddd7e70a8bdb71552453be4af |
C:\Users\Admin\AppData\Local\Temp\gQMm.exe
| MD5 | 26a37242bd4d6cbf18ae3bacac4ef716 |
| SHA1 | 8f8d55da0f6cee5232b437735269fa6cc8a0522f |
| SHA256 | cea677b9a972399cb2bf7899960e818565e8770768206fba813cb91eefda9366 |
| SHA512 | 2adf56be358351343f21056842a0dd99a709c2064d5129714fcf793879ccbdb99837270949ffea3d55e0a03259ce4f3e77e3ebe367a247201c51757ed1e052b3 |
C:\Users\Admin\AppData\Local\Temp\hmQEQwQY.bat
| MD5 | 376f8ba8a03dcdfe1267579cb6bed9c3 |
| SHA1 | aea3b86090c6744b63bf2d8cc08687e79fa44f28 |
| SHA256 | 467137a6e5dd5fed25d579f42fd37a2b01306e042275eaa76de2609d37362e70 |
| SHA512 | f0ebc056c57385ca91889cad0c619b889e9627dcce5c63062df868b5997ad55e4f10c32fb6a9fa3a6e5d0f98a51e70fd3bc4c2506211e454c59b4826159c6b6d |
C:\Users\Admin\AppData\Local\Temp\gIIG.exe
| MD5 | abf6f9c48fc6a0a82c60dd6772485537 |
| SHA1 | bf251b0eed58ff5a081653ea89ffa6784880fc3a |
| SHA256 | 974a732a1e3180b5fc428c177c8a60ba63cfdda32ae1aea28e49f5c23cef671b |
| SHA512 | 45c51996120373e919a86c0b6b09ef7e235f433f2c1fb2d131561fe2b967a287be4bb32b8e7f74ae82c51348ed7621da708d391bb97149195e89d4aab159a464 |
C:\Users\Admin\AppData\Local\Temp\SMok.exe
| MD5 | 67b73b232c670a6a0e4762d7b14e966b |
| SHA1 | 72871681db50cba5af82b2cbde28c843f174b27c |
| SHA256 | a123de88f707a8b0de3bd78c71eb019f0236450da74b12dbd49f04f8563179cb |
| SHA512 | 47aea5cb152c6c0be4a9f724f27773905b13a7264282eafdc46509e207d6e892263c6c19025d2373fe941b86c89fcd32919994b9aab56121219a9931692c5fe5 |
C:\Users\Admin\AppData\Local\Temp\vwgC.exe
| MD5 | 1ffdd399fc4b9966c2a9449528cb45cb |
| SHA1 | 5c9f7262b8331f399331350378babb1358f0f371 |
| SHA256 | cd6ba2d0881a03051d3b5cba9a7ce2a2b26175e6d9cf1af67d697f65d3910c00 |
| SHA512 | 7969a2b9e32a50595f3411e8bc0315f09b29904cb9fc3cd44803f7a80cd242fc643cdd384df0306255d9e7b6c17e0da323fca24028c2fb9157e78edc6c99bc65 |
C:\Users\Admin\AppData\Local\Temp\vEUg.exe
| MD5 | 37bc669b270ab2f73cfc14d4d2032221 |
| SHA1 | 4ed20c7a04039f63c9b209c65ab2cc0ad6513072 |
| SHA256 | 6bfbe3d4a90635a2ca4e9d1d3520b8e05f0bd5f3bce9c2daade6569293582def |
| SHA512 | 5bcf7bd4bd9e1fd42931db2d06da16d21c5cff48110382a0b1f0fc2811ac56be8302003cbb9cdabf44ee905a21ed1b51fb42a78992db931d2a6d2a01bee05ee8 |
C:\Users\Admin\AppData\Local\Temp\ukgO.exe
| MD5 | c7cb035ce461ed5f4de45d474061b7e6 |
| SHA1 | 7aeb74b92647d0c7d57517542ad342c23531d862 |
| SHA256 | e0d1752082a30eee5c4b32d78e4fca107702f54865f4759445db3c794a8edc93 |
| SHA512 | b6b23f78fc9ff37b2fb4635b5378e78fcb07b458f1187acb03f1c312f65c612e0909776216e9c289ff5b4b23cfa524e784350127d7956415d32468e8f2e2d069 |
C:\Users\Admin\AppData\Local\Temp\zUMg.exe
| MD5 | ea36fbef9e49b1d9059e7347b0f586c6 |
| SHA1 | 8389156dfe8a4b836ce985f79e1fc360f2c2f1c3 |
| SHA256 | 3c02e9665bda9310713e7ceabc772dac7a0d35319c2772aa22213701c59642ad |
| SHA512 | 1562ec455b389a330b7c95c86e17e4cd11868e60edec32aa91608acf38a945b1fdd2d6d74c1fe27993b36888a40ce43cf3d5075de3a9487ebc4f3bb462c812af |
C:\Users\Admin\AppData\Local\Temp\bMgi.exe
| MD5 | a9fb258263c060d3e877a8474a93b0a3 |
| SHA1 | db31f2dd421a1a337deb94aa081b613965354fa7 |
| SHA256 | cc0180342d87bcf8bb3284c8bbdc76b2fbcd7464d61476192adfb8e66261b429 |
| SHA512 | 03508a20a497230df0877cd351abacd8a5cde3a6512987df4bcb167cb16a3c365d9eb9b82fac4fd1867905c04fdbf67ead2434de15f32d2943f73099bb1b2552 |
C:\Users\Admin\AppData\Local\Temp\TWYQwAEo.bat
| MD5 | 6247fcb0b8d56e22edc5caf6bc1d0a8b |
| SHA1 | 7f0a5ea021aea7e55377433f953f9f81a97a0556 |
| SHA256 | 5be4645906d637b4f7311212c91851b64a34f83d48e87e18689a33a940e76c30 |
| SHA512 | 57101d1b02efac060f2130ee12263a98a79a7a12e4b453d351a8ab2b0ec151053b88a0ea16b0e87399d6778a083fea4e189784d6c68d8e06b505802d72b9bfeb |
C:\Users\Admin\AppData\Local\Temp\UUgK.exe
| MD5 | f5e98c22857dc98f1ca5144cf55715b3 |
| SHA1 | b1e96a63b57117862b8dfecb226746c27c02283d |
| SHA256 | e0a0afdc47c5d637174234bcef1b11bc812d02929a16a168257685d6034f7aae |
| SHA512 | 5428120dc0558734faebd448900dd480f9efc39874820d6b0ab0404d5c3fbcb6037cdc6c8924b55d4c9e34a4c3a6ebc3b0b8f5775f21efd419e24885b7054c45 |
C:\Users\Admin\AppData\Local\Temp\YgYe.exe
| MD5 | 604a251999ec2e1a689440f61fc18f43 |
| SHA1 | 6fe634eaf772c61d0f9f283700ac33ca4829ecd5 |
| SHA256 | f0220bf942d57415e7454e6118ad7aa469295f667500d288362f7ebdf97f2974 |
| SHA512 | 7fcfd3cf2415a099d2d538b069e92090bed66554aad88f9073ad1cb98be4cda1a1fa2b8bc9819689fc627ee18883ca5972a42c70d32042be5bcfaa8ffff0ffbb |
C:\Users\Admin\AppData\Local\Temp\VEsI.exe
| MD5 | 003a5adcd66dcdc7a4ac1c5d7d36e618 |
| SHA1 | 58298b32051d339f7015f61a283d1fd87aedeebe |
| SHA256 | 5ab726606593cdc0db8e0f06867dd49518f185ff5cc7a011f4edb530d71010f0 |
| SHA512 | 2fca8565427c955bc604507433fbb72cc2707656e073373ce7060a5adbe8d59c1dd5413c739625f4fcb38341a40c22dd4b65cfe36e348cdf23b30ec584923cc8 |
C:\Users\Admin\AppData\Local\Temp\zCAUcAII.bat
| MD5 | 15b35992705d77c8fe2805469c2b45e9 |
| SHA1 | 0d029d47696fa5f52c8f06db117f9ebbeae7b441 |
| SHA256 | dd27bc56727ac530db9045aa58c99785fc31752855a688e37aecce2c8286ab42 |
| SHA512 | f9082400f8401db93ab1fe0389f7744fcd70f091974620fc730d0f339fee3c92d5eb737377e6b546c85a97fb461241ebdadfc83335c26a9b92a2e14808862675 |
C:\Users\Admin\AppData\Local\Temp\wAwk.exe
| MD5 | c682edc93ced68a9ff78c805a03aa2ae |
| SHA1 | c5c5094bcff6461b7193836b7c3afb17135f6671 |
| SHA256 | 0ecc84cf21ed4ed92ccdf2d42ef8bfa1962bced66a7c54420f69a03c49dd83c8 |
| SHA512 | 59c868f475d0d989aa614a5e81ae63076109e70968a5402542a0b64ca478d460be37961294a1ce5d20cd4d4569543d7c1bd042023f2d15bada9a64bce0a23c22 |
C:\Users\Admin\AppData\Local\Temp\oAYw.exe
| MD5 | 6009cc8a4d57b0790bd976b7b5e57ef3 |
| SHA1 | e522dcd99acdd8475987a8d1eb3a4b16f7f24d4b |
| SHA256 | 4d769de1be6a79761c810060dda75cf94ecdc7e37c8b91be6dcec1444a7fbd9c |
| SHA512 | 80424f7414007c30af4744d82439902af4ed9368be08e10b3080441b2e23cbd6caad18dc096e294592fd64018d246e9b7dfaac3368f205ca6a7a721f273d613e |
C:\Users\Admin\AppData\Local\Temp\BUki.exe
| MD5 | 5ea2495f2c99295fe9011621c2903e4c |
| SHA1 | 53fc04e36395d09eb1ad401fcb3465e4f896982a |
| SHA256 | 4007539aec30815bdada4b07fbc3c97cce564df1be17c815831f5d3de5d7a80b |
| SHA512 | a98b3bcd8589138c7c6f5cdd389c62c79d250150c5ba00eba493e703fe36330b556a9b326e6450473b1622b05237d64c1979e99b2c79e73759936c31af668f45 |
C:\Users\Admin\AppData\Local\Temp\GCwoowMk.bat
| MD5 | ad76b47365aa0b420e0332389832e013 |
| SHA1 | 0254e0cd14a3c4c5a163e8321a02d3d3d5162332 |
| SHA256 | 1d0d2dbeb12e696117abf7801f262a9fd9c0d804d71ceae991042bec24a165ff |
| SHA512 | e93d788c75d8e15fd569319aabbe7ea9f2952680db55b46b539ecfffce25c06e15e75c2fef5a4b012b7279bcaebcd5f86a3aa45148c2b43a5fb10618220f9a0d |
C:\Users\Admin\AppData\Local\Temp\tsMg.exe
| MD5 | d2d87ed0d75b1914d51cca2631107c32 |
| SHA1 | ab90553acd78ef4622ed1b7a7049d82075efce48 |
| SHA256 | 4a9ec5bd8c82290c03327f09cc696bc0b543bf06cbaad6b4b2bf89cf4fe0e5aa |
| SHA512 | 7ccfe9b10fdae85a508ed0b48ac99e0d62dbc8486a38b596d052dd189032c2896caa43dd9dc422689fa36e84ec1f62e7b92cc5b29548a3d5adc3476063ef0247 |
C:\Users\Admin\AppData\Local\Temp\nsYI.exe
| MD5 | ad4d1f4db79e96afae91c1ca36d9f8d8 |
| SHA1 | 82887d0d070785930e49077e48269dc2b5770ecf |
| SHA256 | 77c0095109edb184ebe8b9c39806b89a22ea04b4dee122fd3267aa59af8d2b52 |
| SHA512 | 8791ceef8ddbe954a03bc2c3c912b0dfcfb8de5a59ea451c7f4e4b48b3d75263144ceebef51278431fc535f4f0f83012414bf8cff0808c0adbf14d940fbb70ce |
C:\Users\Admin\AppData\Local\Temp\pUUA.exe
| MD5 | fcc2b788c16488d247049838a7bceb15 |
| SHA1 | f0e03b755297b00cd1ecdb8b376577d6af2d28f6 |
| SHA256 | 711968145fdd7879838f2cb2031a1493f20bc49be00a846d251a5eda4239b267 |
| SHA512 | b3d449ea22f1c4c6c429d63a98cc04a8b57dfba9947619f527306ef90101ed2e8a3affec7c96698fba956b2496d322b21623eb997036fd1a85d1feed73983bfe |
C:\Users\Admin\AppData\Local\Temp\jcYE.exe
| MD5 | 8e1ac0383909829d43baf0e51c060a74 |
| SHA1 | 726e099c26cea7f9da6499416994b2054fea1fec |
| SHA256 | 55ee05412aa29772073b860167e88ad8d3a05dd8777174336b73ab0b4760e1f5 |
| SHA512 | 17532e3ffe45fa4198e3171dad8921fb0fb7c9dd6107437af42e4380504900f8ef3c1b5da9ce5582d7b4ecf9b7943ae5cb542cd3a430e5244b8398a950c2d003 |
C:\Users\Admin\AppData\Local\Temp\qkQm.exe
| MD5 | b57cedbafe5a6d3fd2c2dc7ff3448fc7 |
| SHA1 | d465158c0c4ab7491b91f17189b8830a133f75e1 |
| SHA256 | b263f4508a82aca27929f782affbff42e950b5543e15a5e51488fbc83f29953d |
| SHA512 | a69781397254ef88bb3acf273dc0586988df778826b33cfd783b53fb2cd4c5afa53ebdac19ee715751a1351528b7d2f32634325c8cb31c8f6c92534542481be6 |
C:\Users\Admin\AppData\Local\Temp\msQssQAU.bat
| MD5 | 58ed8948792603f3bc9d50b372d21042 |
| SHA1 | 2dd93795a0a5c1114121f6a0e0081fc9fa0ae970 |
| SHA256 | 35dc0bf824982beb3145a6a9fea22b397a3fa8d1c49eb3b6e843fe958256ae99 |
| SHA512 | 2c62de2b17c04c9346f0385f42f4b7cd14bbb967a6568e8bc7b914f30fbe8c0dfb1da258b5dace215809028004561f0e5423a2bb022591404eb0ed668ffe5083 |
C:\Users\Admin\AppData\Local\Temp\uEMK.exe
| MD5 | 82bfee64a445435c9e0c10b7723e734d |
| SHA1 | 841f9718ea0e82b04cdaba2c47d1aba059573882 |
| SHA256 | 14c8ae02291c0786425e1a952de8064bac27184c4a1946cd1546453536e3a747 |
| SHA512 | ac35e8e88960f10fcde73853282fe7f57ad86c3569d8f72197675ba76e14b4a16a6f0b6c68b33ad8c3f30272dc8a0f88c71f70f72ed7ed5e991bf1e454acaf55 |
C:\Users\Admin\AppData\Local\Temp\Rsoe.exe
| MD5 | 7ba6fbd54ced11ea5bf9668d08497998 |
| SHA1 | 4b2d2744319b28eb9140093cbf81e2c9d4001bec |
| SHA256 | 7de07427ec3d9b2f9f04e06a5a347761d4c8982a77cfdd023a2e128bca7354c6 |
| SHA512 | e34768a2783d31f933eb382d8f23546dcf81dec73365dca04688e0f04dd6038f9d2d324e4b7462f9e48e39e94837f2be9253e63760e80e732c0b96ee8ee4fe58 |
C:\Users\Admin\AppData\Local\Temp\VoUk.exe
| MD5 | c89025fdac032136a4650d0ddb5e2320 |
| SHA1 | 82f46154cc86e62487bf8c51caa69fb4fb3e7ff4 |
| SHA256 | ea24ae82af6592a6e3316fba9e5c99b23311ff2b8ca2fd3c8251c484d69d45f4 |
| SHA512 | a6f7917ebabd0edd2cc7af58235dbdfbbc5bb89a00667f83004a54356e480e857c7c942dab615dde3d09c1acfdc1850d659b686759afc2d88d042019ffebfb60 |
C:\Users\Admin\AppData\Local\Temp\XsEs.exe
| MD5 | 514548d92b7d28cf0498c2bc8cc50b96 |
| SHA1 | dff8957fc19c46df15939485da5d3ef2bbaefdf7 |
| SHA256 | 3e4a8d7715729d6602bc4de1a97e752bdc4b202eea0d10061bea3606a4284953 |
| SHA512 | 24d8dc633b4ed0dd5ba3a234c4e55bd73d9b0fb7112136c00d23701da4c91c75ec2ba58bbb4c69930d7b1ed57b6c155c1332f4f97a91873cf6336de11c32185f |
C:\Users\Admin\AppData\Local\Temp\bQkW.exe
| MD5 | 07aa0df2f57df45f769133e7150122fa |
| SHA1 | 0587d1d17785b9679e6702842d37fea5e8d29152 |
| SHA256 | 8f1584cc0ea8a2088059e0cc0ab4b8c89270f8979d2aff05870cc787716ebf89 |
| SHA512 | deab52ecd9119b8f19f5a0a087faa0fed36a43924e9c3058f090bbfa7d4650ff64ff1a88cb13ab1df550b6f6a2e81fc3c80e0c771e26bf61738626945467259c |
C:\Users\Admin\AppData\Local\Temp\yAwswgYE.bat
| MD5 | 04103d0cbaa7354285c54cfad39387d1 |
| SHA1 | f5d691e07082dfc6cdc8357d5a01226efd552f1d |
| SHA256 | 7c47207a1f32a967a45461db78c3a2710ca1052b9cb1f3b3750626a824dd0566 |
| SHA512 | 1dfafb2c744385a35c626aa9159b3cc49f69c541e4f4b5c782edb835122dc8ea598414a083509a455a01168bb25372a8af0401998993c41fe12eef5eb46a29fb |
C:\Users\Admin\AppData\Local\Temp\xoom.exe
| MD5 | bb53beffc00bd2e13957b6636a0f68a7 |
| SHA1 | eac8bbfa0658cf3c467e8ffd03f04e340e411719 |
| SHA256 | 244b789f1d88671e8d126c2e279589505a0ee4fb9fb3f1b266bd6394af6b1495 |
| SHA512 | 775b3c62836b76389bccca0b5fdb183b208b11609e78e8169ca86cf5f0e07ac075b1e3bcb81666a063bfa3a7e536306991089d951e3064ccc769400487211ea6 |
C:\Users\Admin\AppData\Local\Temp\bEwi.exe
| MD5 | 4d5d33897b5a62d4e3759700d4596976 |
| SHA1 | 9dc8f5e8ac7954c427d2a907d3e4ef154df9d730 |
| SHA256 | f70d5068c39f03da05c2b4853051f13b190ab004e48ad724f9fea1ebb37ced74 |
| SHA512 | 155469737c7abf10aa0139058880d5063b36620d9c2b4f3dcc840391a45ea4a795c77c5875941027d1b0fe8285347faffdf48b67db1913b4451cc0efb845ced7 |
C:\Users\Admin\AppData\Local\Temp\nYIY.exe
| MD5 | 486ce7efb07a92da851e52ee4cc5e9b4 |
| SHA1 | 6b7b82a24991bdc05ff32ed6f05fe7d17d4a2bfa |
| SHA256 | 353b5c3a89199f58946ce972d1ce31943a33d3e777111b2cacd7c8a50a1f967e |
| SHA512 | 81d86ef1fb93b0f33507eb6ab1c32669c7fd4b787a23a382903353b777905272fef466063677aedd28814164385ca4df708cd5cc558918c2cd6e419dc9238630 |
C:\Users\Admin\AppData\Local\Temp\NYYi.exe
| MD5 | 50ef45a5e9ab578d93e7aafe81e3b0f4 |
| SHA1 | 55444cf278fc103dcf4a711559b85644b0a1ea0c |
| SHA256 | 58ac90752580f02c9e78579911650533341796a43966d3b1ea3103940d0f77ab |
| SHA512 | 663f58665a54796ecb059d40323afadc85882c9e9ac6cdb3d68287272f9e81297ead6f36f31de5499fc482185daa1480ac59cc029eea386f49e0b2213e90c2fb |
C:\Users\Admin\AppData\Local\Temp\ooka.exe
| MD5 | d4ad0218593d4c23260883b5f21c31bc |
| SHA1 | 1cff349a0404c0c490edce006027dcb6b070173f |
| SHA256 | 5ae6f1b184d3837ab5f43621584515f7cc9bbeedd71566953190cdec5ed18761 |
| SHA512 | 4965b72121fea2382f193d520e78ba688d3a5491d9876e8446a0b65ec82582e6ef0e574616c4aa0c77957a96c28e56c17ffad1f295f90a2bde5ab1b938b57c4f |
C:\Users\Admin\AppData\Local\Temp\gEcq.exe
| MD5 | 30e052eef4f6022efc09901e7756ed4b |
| SHA1 | f0d49c06e98726626ab3791b97a3e21577ee46f4 |
| SHA256 | 082f4d778606786f13a00593721a42ac74816a308c21b4bb1ff8281563cc6445 |
| SHA512 | e9880a7ecac49092d5a92553305b97b853e8db0536b7c6ccc453da518c1828e37172b2b9af6c9e74a979cd8a3b420c1d4b22d8c033ff417d3aa3a1136812979a |
C:\Users\Admin\AppData\Local\Temp\isosAcAc.bat
| MD5 | e357ead5e75584a6fbec2262ad13e711 |
| SHA1 | 012943e95f94148f6ced273b843d88bbff7426f5 |
| SHA256 | 5a206f7ee76570f26d5d1392a5567f1c91b98c23f7f986d3bbce37bfb08a7880 |
| SHA512 | a5303c98a5a2521e648086a8f1d13555136a6d172bb4198ca1244000313fe93254528c310858203f6df7707e11f4bc0484ca572e142e76469bbbd7f6151c0942 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 9b9ca11d35036652eba08a3f6bf00070 |
| SHA1 | 20dd7e22fddee0468114dfd062019b1165b1215b |
| SHA256 | 63cd9a2716ace4e9ebef121c1e648c5c2c0382993f979b0eb137d6da0d163abb |
| SHA512 | 89ccb54e8c015113782a86e476f2ba506532afe4bbb49425e9dc36ae0979c937b8fb25edeb6f70f126df17b7e805dec8f27e858b646e6db3d41d8614135fe54c |
C:\Users\Admin\AppData\Local\Temp\FUcM.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\YQsY.exe
| MD5 | 7d80d65c20ea0c657fc77e261b91c481 |
| SHA1 | ec9a79e1c84ee207d2c35e5c1137ed069a97a6ce |
| SHA256 | 345d1ea6ef37a157577c5fbefdf3cc0ed49300d856875b034770a07a92155814 |
| SHA512 | b9dd22454a124ed72538d347d72409e59bc227bd32ceed72229a929e377a11652ed6be889a59ef04f6099b5477710e61b1dbd2b9ec38bca5416fe3af0e8a9e03 |
C:\Users\Admin\AppData\Local\Temp\lAIO.exe
| MD5 | f84584d9d98b6e41ff6c4b9bb6b4754e |
| SHA1 | df76635dffd3177043a665305ad325a45d1ce1cb |
| SHA256 | 3cae80c74173b255760e48e76653144f7fd7e1cdfd7773a14b20e0f85d00b44f |
| SHA512 | 90d755c0d12aa0e885c7516aaeff9308500a7653679fd8a87a3ce3c4ceecdb9299b9456766e29600e44e0ea35210da15d58f009fe39d8214e4dd70abc6ddecec |
C:\Users\Admin\AppData\Local\Temp\gIUYAUAI.bat
| MD5 | c2539c8f8eb81cb1a6567d64e5423288 |
| SHA1 | a42d48fa84f920e20bf2b9ed036efeab8de24d2c |
| SHA256 | ee82af746251773678245414978b942429a01a01abb9c067e639750b113854ae |
| SHA512 | 76e4f94dca994f11b3e8972c53c7a8821abf8c6d95bdf34dbab43dee4978b8507248a84f9fc61906b571e7371c9fbd4a02731913b6a51679fae81e748e27e92f |
C:\Users\Admin\AppData\Local\Temp\qgcM.exe
| MD5 | e7ceca2c2ca8bcb758f99f097841602d |
| SHA1 | 203c8748968b1503c36d0439e391344c402567cc |
| SHA256 | 322dcae89c75902c9e7539ac37e7edc164d98b9cbeca366e9f27866c61ff945b |
| SHA512 | 698f6f2c65c5d402cf9baf505f7eab083e827128e9c9357b2303b4d5abf61837e04c9e59e3aac37448712d721cd2b17da4ef41acbacd1ffa459a9360cad57864 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | fff7a231c3daaa0d037d9d0ac82960c4 |
| SHA1 | 744030d5fac6e0e89c48f7135cfefdf41e2a0c09 |
| SHA256 | 70c4102215f79b2695c98adfcb87f8da4d87ea677dead5c00af164f8c4bbc115 |
| SHA512 | d0094ec36243513e9033a7d0d1100e1c8b5c2ac446dbaac122d1d21d25a442cffba170686b00b49200dcd34a031e5dd0cb362b1387b491cdf4fffd1c3ac44878 |
C:\Users\Admin\AppData\Local\Temp\vgYsUkcM.bat
| MD5 | 2f8ad166d4892b4ec0c6d19eba72fcac |
| SHA1 | 44979a8acde52add6d482054dfea0b0f2feaac80 |
| SHA256 | da25679554cbc9573f4e75dfea96294aa8df1a48f3a103454bab66a2963ddb50 |
| SHA512 | 07700f5bca35e937490282bef0c3b0f04fabe0ec9574be06a1ad3640df3e1b69e01f2ab8f538c3fc6a3c93814d94b1f307538fa40d057d053a9cf97333ebeea0 |
C:\Users\Admin\AppData\Local\Temp\boowEwUY.bat
| MD5 | 2dc0a77cabc23996964538c30c686d21 |
| SHA1 | 6973dbdf5e2eb2713f9eaf516d01aa243ffe860a |
| SHA256 | caf8ff9f03e8392753b966f9a2016ea175a276381566c4d27b1a54b40086a9a0 |
| SHA512 | 8f5a98be3bc0b70bf40edaf4464a1859e1fbbcae32d0d16aef25828b75bff8d85ecca6b8715aa486a7880e5e32bf5cabf55a45ef2b1697d9a8f4f8ee33502261 |
C:\Users\Admin\AppData\Local\Temp\NYQAggEU.bat
| MD5 | 1513465d9dfd384e1c573b0399aca593 |
| SHA1 | 0ec166520eb7e05b96b2099b26ff6dac3c85b42c |
| SHA256 | 08d86a32900c8f88abac7c3ccdc4ecf9af3962a484c44f870b7b1312cf3e9ced |
| SHA512 | 128b7b06114a9569b0544ddf7028411a037ebe436178dd2dcc72387b19450a697746485075a07d76fe1fa0fe111146d065068e8cba0fc7d4ad1269a77035d1ca |
C:\Users\Admin\AppData\Local\Temp\yyUEkQcY.bat
| MD5 | ded72e4e6bc182905b9fc149847d497a |
| SHA1 | bc7cfb705c3e47b140abac9cadb78188354a4dfb |
| SHA256 | b0fea18ca3043aef2ef914e25ccee6cbae437280520a91d3c27565e2b4674463 |
| SHA512 | 70e09ab03cc45736471c1c32d545133fb8cdb2456c5e5c759c94f1b56da5fbae408e915f238136578d776193c434489dea9fbc273fafabb46e866ec22e9a457a |
C:\Users\Admin\AppData\Local\Temp\bkwcoIsw.bat
| MD5 | 80da9117ef1cc552e96f4af2b9ecbe92 |
| SHA1 | 4798b6871cb1613d4eddd946b9e13c320f2e1583 |
| SHA256 | ac53263d8a20786b110e149717ee11c2c085ab7ffe9d2c727d63d979ec4dcd9f |
| SHA512 | 83358d31f6f49b52527c9d6fe60eebbc95c6644a0c22f871066723b932803d65e3d5a74ebba43bb6ae69dd39c3592a090ab84bdb841cba6ebd74ddf1563ce31c |
C:\Users\Admin\AppData\Local\Temp\YGsYcUgA.bat
| MD5 | ca67e4efcb82bf33d2d6637cf3fb8e08 |
| SHA1 | 2d165a802c4693e07c7512e19ef08ef9a154a339 |
| SHA256 | 5d6f1d7ed052a7a46823dcc0dec8983fdea2dbf48569d6c90233aaff779e9885 |
| SHA512 | 4dde1fec7f6f61376b9b1265fcd893fafc76ecd0762a945c20a42eacd6cbfba712507cd218356d2ed02e8ab434dec66296b071a71005c0953cdaabc5a702d9ad |
C:\Users\Admin\AppData\Local\Temp\EykEEkEE.bat
| MD5 | 982b87e62087acb8b9348858b69b754f |
| SHA1 | e80ccd0c63929543c11c0c8781169d6f3042ff96 |
| SHA256 | 8cccbd2d9c2100b16a44fd59c2492874354169ec679325e67204153dbc1874a6 |
| SHA512 | 0569e79c95d4040326cc224ef3bbcd6e03790ab3b11209f798cd0f86df35c6447a913c7ab5b95bf5b8592ad36a6a35e1855a41cdee6e0c8b86285a57045e84f0 |
C:\Users\Admin\AppData\Local\Temp\VwgwgkwI.bat
| MD5 | e52a2a1eac00ce98e9df1e0e5e112b58 |
| SHA1 | 2e21dc0778e0b9160f38676dac5097663284f33e |
| SHA256 | 2e5afa5e2cb4e4d744113d6d506a32e96a7125d946a9f6b94fc690f214055912 |
| SHA512 | ebdff1bfa1cd3a09e6eb1ba420159ad20009a206467b183bba751a1a2f9b8a7291da87a8ab9194f18253adf320b24720cbd02117cffc7742b9b224da97d85e92 |
C:\Users\Admin\AppData\Local\Temp\VEMYQEEo.bat
| MD5 | 92979eda28f674b03fa8ec8e84224f98 |
| SHA1 | 33a62ef9b2490fdd0ac32a437f0aa0196c03d01c |
| SHA256 | a8da4138937fb39ebb3f216b56d37b8e9b3fd19bdeffaec1a234d0572a788646 |
| SHA512 | d7cb8624f3c870a9f329db5dee4c1e82095c5bd38a067b0477c75dd502c3660d120c16f86adf5febec1430d7a5f1df9bceddd045d7f4d689867aa99d5e983e72 |
C:\Users\Admin\AppData\Local\Temp\AcUAMcIk.bat
| MD5 | 7fd1018afd9b07eab0be8190d152230f |
| SHA1 | dcf91927b5e41b48c2ce6ebc098e5f1f13a7340e |
| SHA256 | 18fe6a22444641495ec6b7df5db460d870c7dc1b2769d9aea4f4fc60242e1177 |
| SHA512 | 7692831f89e5c5a6e4fd2ad7ce67680a0ab0744da1dda5a2789ea4fc2fbda78ef70687f8561075b66fd1bd019aea68c69d4170764fb32d1122b2122f0d0315e4 |
C:\Users\Admin\AppData\Local\Temp\PCgsAQAE.bat
| MD5 | 30bb58af4a57a4846cff4fa9ef265757 |
| SHA1 | dc52df0c5eedf9b75bd7500b01207f04feb1ac68 |
| SHA256 | 90aad943019a44b1e6212a2033145f262f6d2f24790c099f6c9e62789338e445 |
| SHA512 | 301271b7970a85e305080ef634c865514b6f4e8b7448eb85e6302f4710a7f5a58fbaac5503eb6bb04efe743a15cc93799465eef191c746b822b84795ee8608a0 |
C:\Users\Admin\AppData\Local\Temp\XkIW.exe
| MD5 | 0d1a7daa8f3b5604e4a1378893ebad49 |
| SHA1 | 6e8aace8f78037265f7df6b826b726e5e30fe7b2 |
| SHA256 | 9a7579bfb77857896c8aebbcda73f1fc6cb7aa092bc503e708e07aeee0908ddb |
| SHA512 | 77dc6bf64e8eb4368bb7b962f869cfaec589cd5919a9f2f61447f2494c4ee4f24aab442750cee9b1a7c7c6d81ec2ed7b69be9c6f67809c9f79fd123aa3e19c44 |
C:\Users\Admin\AppData\Local\Temp\lwgm.exe
| MD5 | 10bb701686ee5de02f5eb50e63af5af0 |
| SHA1 | ae9a9e8b4d24429e7b6330c868c9d26855f3d732 |
| SHA256 | d6fb51fee1fbb9a55a74d4157dd3ccdb7aa018d071e3102b39e9535b118754b8 |
| SHA512 | be7151334297ffd77209a1ec570d98af25b543dcca07dcfcc85eb9d3fcba331e31514ac53980ec95adabee5d23e72f588ecee7ef95a76cbccdba486986151cf2 |
C:\Users\Admin\AppData\Local\Temp\McMW.exe
| MD5 | f27eeb8a868a1539a9db1a14de49b71f |
| SHA1 | b27ccf3292b436ba777eafb55b16b66d0e36891b |
| SHA256 | 17ee693c5a33b96e3dfd02b1965318f12004ce799ec3b02cdc883bc32e940977 |
| SHA512 | 85422d5564c0a22c5b43331b0a5f4d41234fd46da4118962b660b8ead6d63a20331dc275b68ee4b73c7988ab39ede2fd606b661782635d0fe2af61ca67c4bc54 |
C:\Users\Admin\AppData\Local\Temp\fokG.exe
| MD5 | 27e82c67d1bf086371553d87e5e0b302 |
| SHA1 | 415b13b9316e374ac52ab67fad5bc30b1dd709af |
| SHA256 | 27255ede96dc46925fdfb645fa37418ada38d9aef747fe7ffc99468685d3323f |
| SHA512 | 2a14fb3b51b5308ece7b24bd61486b03bc0c2fdfb273c6418d3c9e52a35e21fd794050cd17a95acb2f3f5777d4f4bf9dfe877bc70c638a866e17831263c9b766 |
C:\Users\Admin\AppData\Local\Temp\eUEoYkoQ.bat
| MD5 | ddb8cfa158b63090e1d87c11c70fe2cf |
| SHA1 | f7011ff6adf6ab823ac3846730ecf5a302fe16c7 |
| SHA256 | 6d33ce49b267b5e85b841c0d553a1d79bc4d8e1ee890e7d2d107a046619ac6e1 |
| SHA512 | 16f6b1df9baf25e4968385044726493f449394e9225d5d70e71e1cc92ebadf1c4f208387b3bbeb48edd2378a5f1f54edd0e288687f481976f3cff9aa68f18ce1 |
C:\Users\Admin\AppData\Local\Temp\lUgC.exe
| MD5 | 9ae774fce43fbd91c2cf6a1c59ab2d12 |
| SHA1 | 8ed538edb2cd29cf4230be8f52f541616173103f |
| SHA256 | 7da022a6be668a8bfa8f797e3830767ba1dd625278504577c01a2f5e3858dfd6 |
| SHA512 | ef0efcbb171fb2eb2c8d4064a1718cbc024200f6d3ab298be389d2be05d16fa11233a55a7fc5da0427e050de4b676fbd760dd05f4b65137bc2a4d5781185ef54 |
C:\Users\Admin\AppData\Local\Temp\HoQS.exe
| MD5 | 7e2023387e5f6327aceb3fce071554d3 |
| SHA1 | eca9a81c5efbd1a8e521d03b82b82930a3c42e7f |
| SHA256 | 7f0f0e1f6fb650b0ae6dd3eedb866954670fbeecebd6461a828135c4fd2f74f0 |
| SHA512 | 888c346d1e95ac4125c466d298a4b74bc03f27dfddc5893ebb389384bbc8eec4232e73629d17d012e948b0ebc60fd72e98c16aa44756987c47430ddd424f8b18 |
C:\Users\Admin\AppData\Local\Temp\qIoI.exe
| MD5 | e91235bda561321afcd59de388fcaff7 |
| SHA1 | f7a27fea4febd11ee15993f0544c4f70582d5f84 |
| SHA256 | 3c4b6a554d3c2a6b6b8beaf8414b554009a71b406e066b28a772fab359b9bd0e |
| SHA512 | f69b2311c8455702b10e6d652944870ebc67935a07ef06418f6d2ce6e60b73df38b6d69611cd4fef9e428270df3a6b2f04bb555f9abeb20eafd585aa7daab272 |
C:\Users\Admin\AppData\Local\Temp\WAIG.ico
| MD5 | 9752cb43ff0b699ee9946f7ec38a39fb |
| SHA1 | af48ac2f23f319d86ad391f991bd6936f344f14f |
| SHA256 | 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636 |
| SHA512 | dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92 |
C:\Users\Admin\AppData\Local\Temp\ckkO.exe
| MD5 | 733a85ec3098713ecf52695d081b71d3 |
| SHA1 | a510f8741b904b2812dcbd44e73ec3a0c3511259 |
| SHA256 | 1dde86513d2796d8df4133373af484be5d422bbf14ad328ce43cb8542eff23cc |
| SHA512 | e870bbb3511f6b7d79cfb860fe85ece2cd699df1223104a9d48ead6ac59eaf2b45408f2fd0baa5df969f72aa74d7fda710fabbab8db7e48b4d92312556120d46 |
C:\Users\Admin\AppData\Local\Temp\jgsY.exe
| MD5 | f80e83c115c59cbf2b9fb62fe8e1032c |
| SHA1 | 9aba8206337dad970d3de5948269b748d654a65d |
| SHA256 | 19ac9ec68fa9b934c77519153f569c7830ac3db6fd68c7126cc73f5c03c89469 |
| SHA512 | 1fb953116484ba1b874b67697aa2675ef158f5cd0c8cd0c2a8315a9ec534f9a9d877653cf8c22065075c5f2912ba5d21c4879024757fefbb3ea9fd0fdf82468c |
C:\Users\Admin\AppData\Local\Temp\aMsO.exe
| MD5 | c8d6481d2630d52191038e5691854775 |
| SHA1 | 3b4ca6770d4e01ecdbf4d2a4a4ab31299a322815 |
| SHA256 | 904e854359024d4da8175d80c1fa2a3f89c25d89cba0aff7003e158981355240 |
| SHA512 | 7db492495d5b7f4b4b0b3d265ec2100d4b06ecabf30c2e25bbe33e98471afc8873103bbd76fe835be6d840810bfb7c14685b16eb385ab1efec15c56e569c9f0f |
C:\Users\Admin\AppData\Local\Temp\toooUIQQ.bat
| MD5 | dc1133b2ea53e1e10c49c5eaddbf433b |
| SHA1 | 514f060bfca1310749e7fa8f71c4d91fb879ecc4 |
| SHA256 | c73497c4ebaa236a509e52909cea7a5e3e40d5df3b60404bf8b3c09c1649d30c |
| SHA512 | 6aeaac5307befea75a38283cc79a150d7f324a23240d7661a0a1ddf0321aff56e4bd6d8361598084fcc562eb4d8f7c3e03d050f43843df4c2ec95c086b911a38 |
C:\Users\Admin\AppData\Local\Temp\Hsga.exe
| MD5 | 231ef7ba9a062c922f21c7f83769987c |
| SHA1 | fe55777599859f526ad7d31a5539bf06e429266a |
| SHA256 | 1a30b68a7ccc5fe35ba2a5e72b5486c878e2570a4a9d2ecf05d69f0bd0294684 |
| SHA512 | 8517893bb1d8a6f1b2c7de270cbfa5516382777715be834a7e8b6e6858b9cbb30c0ddc6cdd7c589065fc81ca2967cf3607e8b0c083cf2137bac6ed04e30e56aa |
C:\Users\Admin\AppData\Local\Temp\WKwEsEMM.bat
| MD5 | eeafe85303995f45d4e08295fcb9487f |
| SHA1 | 55c70e4045ae51971a129dad3b54557a850007a3 |
| SHA256 | 06116c1345e16f527c1ecd9e2e610d7bfe03d33f29800836bde73df92ce2515e |
| SHA512 | 0ac2b76eccfc6e35ff5519bc541eef06e6bedd35c0c9f6359030f9e334141af33756a579d7c1c90f5823153ab732794d13f0812273847483cc00295be83f847c |
C:\Users\Admin\AppData\Local\Temp\AYEW.exe
| MD5 | 0b5502abbc1ac7fd20321db41d792379 |
| SHA1 | 5838e4cc80ad8d76b4a0b545744e9cd5056b600e |
| SHA256 | 07deae3dbf6dd2eb85becc4e0377fde17b6ecfd53a2dbaa17324f5cdc2d50770 |
| SHA512 | 383f936b95de7577ec296672106527b83b53e73df56acafb8a7fd863ecca80863f03027caf740f2e49245434e29f761e0875b524b736dbdf8bc0f3e4a15d5f58 |
C:\Users\Admin\AppData\Local\Temp\Zwsi.exe
| MD5 | ec9be94a0ec021818cd90425248c9740 |
| SHA1 | cf31a545f8f5fd90c40f025087c33f4d76edbd3f |
| SHA256 | 48050a22adef89b98aeec0f9c1b2b20d1e5e4b236125013bb17a26cce3c24adf |
| SHA512 | 6f776c865253aea9b0996b1030075e2f3ee739ca9560531c6a2a78955a0c411a691b00463b50d012dfe6c8f6b3b1b1d64a067348c2bc636d617ff5aaae406ada |
C:\Users\Admin\AppData\Local\Temp\cEUQ.exe
| MD5 | abe31eb052ea3eecbccf042a0e7a09f5 |
| SHA1 | c95191bf1896dfa695cec9e40d06760fb478b4da |
| SHA256 | d27676adbf3cb50ebec2739231a34add17d431a391b3100e13a71012ec6bb10a |
| SHA512 | 5cfdd75640bcd1fa45991e05bfd102ba23d8a38685f89e35ef89c4d45759d850c0d27d85cb8241691db149d78deb1ecf7291d79869c6a9eb9f7115147284c122 |
C:\Users\Admin\AppData\Local\Temp\HIYs.ico
| MD5 | 97ff638c39767356fc81ae9ba75057e8 |
| SHA1 | 92e201c9a4dc807643402f646cbb7e4433b7d713 |
| SHA256 | 9367b951a0360e200345d9aa5e6895e090fc3b57ae0299c468a5b43c0c63a093 |
| SHA512 | 167328960c8448b4df44606d378f050ca6c24969fbd7cc8dcfe9ddeb96ac7ccd89e507a215b4c1debff0d20a0a239d547f1e496635fa2f06afad067c30597c46 |
C:\Users\Admin\AppData\Local\Temp\TQQe.exe
| MD5 | eadc91662c0ae9805a0c8caeebf97949 |
| SHA1 | 498e83a9d40ad8eb508ff297d5e7fdc452e7496b |
| SHA256 | b8926fcae88a940ad3341c11050c7a190a9cec809c5a79ef3b86ee70d46e7d23 |
| SHA512 | 207793d58b81b50044211ea956dc66e224f1ed55fe322e3e2ad853bf361ed8354ce6da8a1b75be816be1e31842c548061ac358bedf6b6f9b122d93b87d1fb9c6 |
C:\Users\Admin\AppData\Local\Temp\XgkS.exe
| MD5 | 90e328ec3711637efe04cb0cd9e06fac |
| SHA1 | a4fd8c26b14b12f60fd4546743290ec8c8590696 |
| SHA256 | 4351ffe36edc2f1db3b974e6b10230f52a78f7d54b0d8ce7b9ea9307060e696d |
| SHA512 | 78451d519859ce4aa1413be11920635a088c1f4a5a353b5f4bfc9925aaa05ecdcfbd81849ebd5686e3b2ca22d691b948c6f7b164ca874ac9f5e3e6ca426adc2f |
C:\Users\Admin\AppData\Local\Temp\WCQQAcMQ.bat
| MD5 | a5ae2a592ad1f75e6cca743945f9c846 |
| SHA1 | 4fa8b0a2a23e832daeec1e27c3603f673cd7ec4e |
| SHA256 | 5dda748cc74409061a1b88501c64b674ae1172c5da4f69c15a4b6650f1feaa46 |
| SHA512 | c6873cf74be4bbeb3a258eb24d6ee5234035b93e5de13936eefaf63d13bc8ae9724ae6f0d0dd745d3484b1e966df9fe5e14ebefb938abe51d8a536432dcf32ee |
C:\Users\Admin\AppData\Local\Temp\oYIW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\fogS.exe
| MD5 | 8ae9a692f33209145733ee400a3e9821 |
| SHA1 | 0f5470dee8a522c082ec5afb19ac0e389c2f8786 |
| SHA256 | e222e3a28a3f0e2cea806c5f204c8daad7b3bf5266a07fa2042880cfc62a1c46 |
| SHA512 | 0d85488ced8aeefcb86ceb6f1bb0a506ae5071b4ae775fb2887107e14ed120b15a7818ac59b045cac21087bcc9776c89d93e46f5ba7851909fe75fce1a0f40bf |
C:\Users\Admin\AppData\Local\Temp\dEYi.exe
| MD5 | 48ec0de6065c17f1f0de8c80fb14a77c |
| SHA1 | ad0a6a412c790ae13427f58cd0784ef743c681f8 |
| SHA256 | 19d719d7df7ca7a61932ac49834ceba45135eabb28ef01e8da67f1d81a48e283 |
| SHA512 | 5fbff6eb8f522457f2dea988bfcdcfdecfe45024fcef1c5b5e2b4f14b920ae8d6de76393d247b379d56a3f2800ce29d98f0d8649163120ab6ca764033dffbe5d |
C:\Users\Admin\AppData\Local\Temp\YcgYkIsY.bat
| MD5 | cd1b33cd51775bb8ff69d296980a50b1 |
| SHA1 | 3f3605b5ff18a93bf5d104f7afad5d665d90a8ee |
| SHA256 | b44ee21987acb8c714457722df07797cf9f513f2a3ac8b91cdaab7fdbb2a0824 |
| SHA512 | 23bbcb51cf6565faf2514904f2215605214f60d949cc6061ee792d2d3c2e96f402cb347d66cceab3e5f6ddb3383d8e1aae4b441bb2f2694cab057248584a173d |
C:\Users\Admin\AppData\Local\Temp\AAYU.exe
| MD5 | b9163f64d2eb7fc5b4022a6d5fc400ca |
| SHA1 | 1df2d607d0760ea56ad73804804c7a8900468fd5 |
| SHA256 | f2eb11559baf70b61e2c347f6444a3ece934267f0f729858fdfb6a7a858e5bce |
| SHA512 | 9089af319de7d0d8fcb541f611f61a2efd343380437a5e04271f647381199f6f897d5e7d0df49396638acb9d823b7b8659916f5bafc13600412676881b96f05a |
C:\Users\Admin\AppData\Local\Temp\EkcY.exe
| MD5 | 4fa1abbde2fe0084295dc64334db50d0 |
| SHA1 | b33d6e9aca21eeb0ec4a20d68ed7f002d0dbac2a |
| SHA256 | 1e4d7927d0c4dc299a9738c817297f560dbdc2977141ce9ee6301ee50c09a676 |
| SHA512 | 3bf708004fd5d9f6b3f398f27dc8616dfaac7193cf52758da4ac7f7a068aa8872f86ed28bb07168378a1c6da8592423d3646c715b70bc71298e95a2ddb41cfd2 |
C:\Users\Admin\AppData\Local\Temp\VgwG.exe
| MD5 | 5056530ffbd5c9c0a3adb4365728a31e |
| SHA1 | b3043bb6084ad15157ac7f4dc7260c737d09183f |
| SHA256 | dd4ea3bc1bb467790b0ccec2a966208042100acddb53a489da940359e0ad9c93 |
| SHA512 | d74caed8bec3191efeb30de8e0b953b04322652436a6b581d62efa4dce1f39b314a3c4a01280dc930547c4237d24619650f107933cdb81b882ff3a6af7369139 |
C:\Users\Admin\AppData\Local\Temp\eMwO.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\rEMk.exe
| MD5 | 1462c92e3d1cc54e91d2c4c1d9fde6c0 |
| SHA1 | 2f8fd3b676f41d08bf1dabe64dae22dd9425805a |
| SHA256 | 5f30782ea9184f91e66da4448bd954b044f8bb5af1119ab328a3739cee1a8246 |
| SHA512 | abf49389f0c07a7c0f1efaa53cc461a32041489050a31619c5c059fbae024701043e7398f5efdb290a8e0d8b7f0629f26f6e1d7cf8ca1c7f9da518b7d5ba4904 |
C:\Users\Admin\AppData\Local\Temp\YgMwEwYQ.bat
| MD5 | d723c857a82e368c334ef3a614608927 |
| SHA1 | f7b6dd362a39921acd0c560a5ae568d1e9d088aa |
| SHA256 | 3b6bf67719a4aa6a0550527853aa9c5078e0ee6e4e99eeb68a9a102ecb4b5c07 |
| SHA512 | 1f92fff9df93cce1a44d24ec9dc90d49f910c0e355d351427300a669e1b8a527e4bd62f3fc3cf8be7e0af2610b97b2ad2307b79baf532d25ce07e1eee7efe883 |
C:\Users\Admin\AppData\Local\Temp\ugIA.exe
| MD5 | 1ec69aea05397be8675f7bd42d006005 |
| SHA1 | 4a32b194940f4e9fd7e7aec18335be0569e0ed02 |
| SHA256 | 701ff655b57d9038a1d8b29b98cd458607acb60fda363548ba559c93ab54aa26 |
| SHA512 | 32cd4e1476c0d145daab7452a957877bfabbe0ea4fd335cbb9e5ad3f4398b3cc0138df225aad07b5475e77728b8038d22f40d28a25882d8335937e08e595d635 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 10bfa6aba1f68aa508b060c43a53ace1 |
| SHA1 | ca83fe87268a147429bfd0492b8c3abaa8104de1 |
| SHA256 | 11afe63387ec62e7feef949893b04077bbc9dc59bc8574c5aa4c4ef4f60abe95 |
| SHA512 | 86ace25a2160876cd222f642dcddaec47660ccc95378ccb4ae13ce12cbd7d834a36fc63655b307e43968788a542a6f8b3b35d64af9db21e5392333dadee3e99e |
C:\Users\Admin\AppData\Local\Temp\fMou.exe
| MD5 | 425993518f0136ab3ed23f58d85c43b6 |
| SHA1 | c1cf11beed66ffd095cf5103995d3de07e619427 |
| SHA256 | acb13dabb15463e8637b48b6a4818d30ba70e39e759902393cb5b5f2e261ccbb |
| SHA512 | 015f3dc9067e1002c23b363c6ec0558890499ac842b25f17d3448477c0bd8f1945b00a2ca3237d5ab01a3dfca15093c576de2e29632b47b892fa7a4d1d09cbf7 |
C:\Users\Admin\AppData\Local\Temp\XIES.exe
| MD5 | 7ace8fc883de8b29417b5cdc448b1db8 |
| SHA1 | 122277c7a7ebdc27e5dedc199e8b7fb718a54f7b |
| SHA256 | a3e0f324c56e9e27fe9f6efecd07036782ca4f4c8adfcd1a79578c6c13643538 |
| SHA512 | 8958384ac44b23335c8f83e08c4eb64cdd783f9878caff91e0ac16b90b0b013243678626e3a0bbed06bb796b0d9b0c2434b7a8061bac969522cdc1db0abd9336 |
C:\Users\Admin\AppData\Local\Temp\YwMS.exe
| MD5 | 0ccc2a777511bc76b09e745d9e2ab43f |
| SHA1 | bce7b81c1b78f3449330a8771669af65775dc07b |
| SHA256 | 0a4388d880cadf923fa5c6fdb23cda2fe4809595d29863d967ea420748fe2368 |
| SHA512 | 84e0a9f27dd6adacfeda8900bcedd39d77228ce7fee5a006d504ac838dc6db1a7ab613f4a7110310a80bf8fd77a6afdfe82f5931c6a5ea95780dd55e012eb628 |
C:\Users\Admin\AppData\Local\Temp\LcEM.exe
| MD5 | c108c87b1b9f0dac5a03f659b159810c |
| SHA1 | 142b667b8d02c544ceec87c534ab4ebb27a54762 |
| SHA256 | ba619cdfcb165c553d8339977b26135b4baf37f7f4eb58488a42f5d56475aa9a |
| SHA512 | add393541704fb4c0fb30858e3516e20effb5197dfb4d9574a295dfec77fcea9a8ff31405506cb2d2cce3fd39de7f99f0d60cf753ef749767a457bd90d69f848 |
C:\Users\Admin\AppData\Local\Temp\OgYo.exe
| MD5 | 006246186e38a113241940dd56aeb78a |
| SHA1 | 9e80897763dcdc796a2e675daae5964e7fbdfd2d |
| SHA256 | b35906487c0588dc2337b4f9815c21d43006ee331c5b2878ccd4800eb219ae1f |
| SHA512 | 2963a1c95f59243f3ba867dcad2d4e74470bb05f9c071cd121c77bf0d5d2a1680261c8f841a573e26825dc39bc94ab8d1f6cafa4af443fef8fb30d3fb4526288 |
C:\Users\Admin\AppData\Local\Temp\awIk.exe
| MD5 | 2c03f8d7bfcc38ac698c2e198053b859 |
| SHA1 | 12bc52a14cce1cca8ae200540fbe541e9c751d1e |
| SHA256 | 341862f22bbd3bf0cd45ac1e084daa75ab9ee849418d91c3db2607755020e95b |
| SHA512 | cdfa830bad00a8048590d68b65994a9b51093a7411df192cf318c24691f0d87f62c241e6d1c00d31491f69cc2e0c892a431d133c139fda73213682d1f03a2760 |
C:\Users\Admin\AppData\Local\Temp\wKIEwMcQ.bat
| MD5 | 822449a1e9cfd833cee6a6ded5f70cde |
| SHA1 | 028d716dc72077471a460b590f36cabf2233793e |
| SHA256 | 4918cdf3b0dc6e46bcd0741cbeacec6d3357cef12d51f70029ad4be3006e6766 |
| SHA512 | f2b5dc5c1b0a968f5d2ab24332208e55fbdbf0f47334a8d1465053cbb6e3674f3cf18dc3a1d242db54359355c195aa38a684811fc069b6aa0a40ff117c0e4e84 |
C:\Users\Admin\AppData\Local\Temp\xcgE.exe
| MD5 | 8e8072b851d63cb33b16e5d8db8dbc80 |
| SHA1 | 89ef30d42447121850253dd856490e76dcdaeb1f |
| SHA256 | 2b0aa5b58a5f2806fec4931a5063bb280012d407a06a64979a714cdb58f38dc5 |
| SHA512 | b15ec31d7049dbbf6bff60f0075c6584b67b094ce042a877c42696a44a60d2f171a24721d84f8c149addbb3b5be164431b33f8fac770a914b77fc7000eb9d38d |
C:\Users\Admin\AppData\Local\Temp\YswC.exe
| MD5 | 42a685f40e387fac6727738591acdf5b |
| SHA1 | b99e632c9874a4f2cf5664850455e662cad22860 |
| SHA256 | 1449d1d899bab0d684b91e69a60611a88f30d65a4c683f206d8f00f56589761f |
| SHA512 | 55d13a6f1eb052b0c8e0ab63e0e6bfc164c59fd308c12008f2868837b4bfba0f4d994b9c9cbc1f1cdea1500ceba5136b52d1a0c33df8be740a752e202dc927e3 |
C:\Users\Admin\AppData\Local\Temp\IsoM.exe
| MD5 | 81648915bdb1f88c17b5e9ce0222519e |
| SHA1 | 3c980af32784c02f39735c84993a55569af6376d |
| SHA256 | a0335ba19c922fb293bc9236601006a160d11749b85a2b0e88659afe540cc2d1 |
| SHA512 | b58c98754775ed02bd2f26696d2083a3b38fc857ccd95016c8ef506dc72e6aa7a8273db33c47515ed813a07c209c4ce42b30fac6fcfb86c3fdd06a6af5db6066 |
C:\Users\Admin\AppData\Local\Temp\LsIc.exe
| MD5 | 3687123076a716bea95821ac445ecac2 |
| SHA1 | 924479b958151d07f073ef0792cd4491d2a6f206 |
| SHA256 | 36534ceb420f6ff3c8e33834ec172c88b11de730f898ec1e4918f7234190e168 |
| SHA512 | da1ae79e2464c33058c59dc1a0fb39cc68582f5cccfcb527f7230be7817e503563ac4c251a1491b163ee1e0754505b4ab9757146c6383699b21fa9c3d29e0d12 |
C:\Users\Admin\AppData\Local\Temp\aIsG.exe
| MD5 | 6a08b92634803461c9e03a0f147701fa |
| SHA1 | 143b5a26b6d7263f11a1003858bb812dec4624f0 |
| SHA256 | 19cec1ce932df4de0d315208efa92d0a397aa4595cb5c7ae3fdb974849925638 |
| SHA512 | 559b8271e058227cf1897949d9f2d498519932153a65995e2b661b2b75ffa3732bc9310657f559dc9c554380e3f490f62ae3c7d65a8173201c2596e2db67a57b |
C:\Users\Admin\AppData\Local\Temp\nmUAIQIE.bat
| MD5 | cb8b4de4ade82979f37d784a40874a61 |
| SHA1 | 5b37b00245f87d23c7efe9e3b67d2c3a3bb2c4f3 |
| SHA256 | 788f58ec6041a2b032e147356811e52866d14320f0f4420fd5147870c46eb293 |
| SHA512 | 91368baffed024b55d2bcdc6e0b94f8760b157826175e85eaff73f5c5b02cc4192507c035b7a6d7006b6b53b79db9eaf6a71056629fcddad80e2c33a700a8ccb |
C:\Users\Admin\AppData\Local\Temp\cMci.exe
| MD5 | 7411b71a0d3b47f573cc1c0e8ff5095a |
| SHA1 | 8461e4497613f938da19c6ba806c0731e42b06bb |
| SHA256 | 20503379ac2adda7adc215ab39e021d7260e614fac5865afbcd670db8b58ecef |
| SHA512 | 0551ccdc500c842488cbe9fb857bfa44dbaaaa30504a0ccf49a21a0f86a282d48ee59a767a389dab1379327059a9161d78c564b9d1d02f499338c3c67165a74f |
C:\Users\Admin\AppData\Local\Temp\tIkO.exe
| MD5 | bd9951d238de145995a06bfbec06c883 |
| SHA1 | cdbabe8b48cb58ac2e640b0f8d563608ad33d133 |
| SHA256 | a65de142aeaff470336ee83872c7a991573b54ebca5657f6ba1131781c66f6bf |
| SHA512 | 0453b9401cf77aac9679a1a4c9452223a7902a2ab8046e384b45a44f72b6dbe270aed3a7fca1f925128f2340393715e499ac7a59254954d1c275003310997982 |
C:\Users\Admin\AppData\Local\Temp\qUkckogQ.bat
| MD5 | b817af96ac4346761a17637d4e97b848 |
| SHA1 | 6fd7539c6613caa52dbe7851450258ba8fa1892a |
| SHA256 | 33f0752229e662a5b61bfa67dad7c2082f570bf11c44b0c9d2c5da1569544c90 |
| SHA512 | 9011dfd00c32096a51dc8a44780a519d6ee802799d15f56f95477b870b3814055f20b9ae94f6e51307108aa891cd4d58e0ba6303411e943458fcde1879585fbe |
C:\Users\Admin\AppData\Local\Temp\YKUQsYMo.bat
| MD5 | 11a747691431f8ab6de5a3d9d763a7c3 |
| SHA1 | d082b767bdec0e93b99254d4b00080725de11a80 |
| SHA256 | 20b7cfff83340ad0bebab0ea764f5cfe400627f1093b966aab2f04e7e7fa514b |
| SHA512 | 824bac67f3ab5c5e96261d3245e35321c1a99dcb2f0635b2c10d7ea9f2cf39bb30b0d463fb06efea5a41533c72158d1cf414000b58778a9ab0fc4bff6c2b460f |
C:\Users\Admin\AppData\Local\Temp\TUcs.exe
| MD5 | 11db37af4af89692fdb4248632036608 |
| SHA1 | 9e8073ad273c7f0866e196dd267b14ac04e89a5b |
| SHA256 | 521d3fee73ee71ffa8278472a36163dccb1efc799a5cd50da95829359113eacd |
| SHA512 | 41a8d477c94255ee0f6fa4b820c368654efa8cf66a00170131eb4435b0c9ff322ae0dc96f72d3f083e7e63fd0393c501f3f8567a2f1d54555f002bbd1c476c6a |
C:\Users\Admin\AppData\Local\Temp\UWkIkgMg.bat
| MD5 | 519dd848df38027387e572e73d5ca342 |
| SHA1 | 76686f14f5a1a991dd0d6eb3a32b9615d7e05ac9 |
| SHA256 | 03983ebca81ebe56989c0ff292a443871704c3ff557e93e29e7943aa4f310a0d |
| SHA512 | 8e563f921e122c789d8e3da082d95ac38e5514c7e7cf57eef47d65e273a7f6af15034682107b23316152c74c9090d0ae166bf3120ecb4a09ab4d34d9fa6cd38a |
C:\Users\Admin\AppData\Local\Temp\JoAO.exe
| MD5 | d8a891bf7e5a4254e762071ca694a683 |
| SHA1 | c86056efad27119ecd69c33b29b55e389b0b1350 |
| SHA256 | 1b090fcf6d73578383df542c1abfe79757f6f4553d8ddbc0ceaca108949d9d12 |
| SHA512 | 19622b8c23c4e428f2b2b7bea2526e2222f7103fe5293a4f96da0876b2e88beedba27e60e29466afb32af59429e3f9d3cfe8f33e210d5857c23666c71850fdff |
C:\Users\Admin\AppData\Local\Temp\Ackk.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\bwIM.exe
| MD5 | d382d61d07f73a91674705be91803106 |
| SHA1 | 59f25c9d24a590dbd2da4095a5e015307e33ece7 |
| SHA256 | d31f02b5b09d658f07a5835f0d4f232b0cc115102e621a711319063dfaa2541a |
| SHA512 | 36fcd32b9026c3cac241314c29a0470a0fa38672bcb4b396d561510499514851f010145e53c801e3a5749df4a4e63fb43706270bac4602fc530ecb07ca115f96 |
C:\Users\Admin\AppData\Local\Temp\mYUq.exe
| MD5 | 02f4c4e38edd9d1a674194ecc54d721b |
| SHA1 | 1de9e3a66c59cea267bfc0888180bc56d50614b6 |
| SHA256 | cd8f540220486c0158870ccd47dc12f0a66d68edff347d4e21c0871586e234b2 |
| SHA512 | 8e1354d6b8041cbce4f746e9d90f96a85de44e71692c2963a44fec9c97637d99de0263d18444099223f3dbfa73115db8130dcb69e66abae2c7567bfc7ad8ed59 |
C:\Users\Admin\AppData\Local\Temp\uQUS.exe
| MD5 | 6ce08f2b1b63b49b14a7831158390dcb |
| SHA1 | 9132dd22fa9fc2f52d54301ab7928e1a8f24c823 |
| SHA256 | a2246749f7b503a6ce2627591fafd4fec6128e395db6d522ccead3a05134790c |
| SHA512 | 8b63fd67876955655d2112acb1270342de131f4e4c4e17f7002ac5e423f7f4bf2d0b0532c8b3a8accf44e9b80be589f1cf241b5b88a262986f1e122781b8b0ee |
C:\Users\Admin\AppData\Local\Temp\XowgggUs.bat
| MD5 | 14b74649b4f7e9a334475fa07927e74a |
| SHA1 | 455f5f969d29ef032d0072ed75ab66e1a5c50230 |
| SHA256 | 9e1002991955b2bfa47453ec91bc61c8f9349b5ee455cda02b50d14c7aeaa82f |
| SHA512 | 204a3e034130babfee5010499ede9ccefbadc80d4f09ffea286f81bf28775e5d4752e7e6e200d82e058a5e73c5caad72975fe3ef116682dd24394155533f7cf8 |
C:\Users\Admin\AppData\Local\Temp\LsMQ.exe
| MD5 | 918dc562433477ba28ba875fbae3f5f4 |
| SHA1 | f55c16e63f62333441964ef1b939cb595275ee42 |
| SHA256 | 267b26826784d6b097cd91956fa05fbafd42e5d4215643c2cd488198df3aa043 |
| SHA512 | 3cbb2cb1af12537ed6f990be6fe88ac4aa08d50293644d9c958e3db2b763164d7e2c184dadebda861237e3c317ea1ce4840fc909004a01214abb4dbb23b94fdf |
C:\Users\Admin\AppData\Local\Temp\HIou.exe
| MD5 | beb73a8371f155f6e68dd8fb30967d64 |
| SHA1 | 2e0510b4cf0ff46fd108fb5cb3bd4457948c8112 |
| SHA256 | bc4088c14501a5755b3250bc5aa82809d7e6883278ccac3893e2f034cfa94be1 |
| SHA512 | c208574fd3e8112c59bcf86ecc147a1808ed7e71f0d1a0adc7616d1d6fc33ba5829cf9f2518ef8a17c569572e8e1211bb4c5dc491a31a3fb87ee2a4d1bca5c5b |
C:\Users\Admin\AppData\Local\Temp\RwkA.exe
| MD5 | 79adb71befa9958541371ba36e933a8f |
| SHA1 | bef3c65d2f456a8b64d7863eb415e339eb32efc2 |
| SHA256 | d35c8d377d1ff05f400919b3674bc5fd4c08546852a4b693a14ab715059beb0e |
| SHA512 | c532f0b19a5d80fd76a33e9a59c17f9495b06e59a49ce9fee868759285432931d1eadf6c6ff4fb22c16357611176c28dee33b66ce095ef0ae23a138c1e6bf244 |
C:\Users\Admin\AppData\Local\Temp\zsksIUwQ.bat
| MD5 | 8304747a692bddf5bac4c8136c83d356 |
| SHA1 | 7fb3e62073b345210f1f1b44dbc432b15c058a2c |
| SHA256 | 06d65971e58ba7624a3b0483a5c83651e07633a51c181f838b3bb5dce5a3e535 |
| SHA512 | 72b76e3a739c10ab90bd4ba063f7750d95d304dc47c564df233bee6abd8c6407f94805c1e646c935398a2f40ae7edb2d533f3091f38366f4a2365397c14217a6 |
C:\Users\Admin\AppData\Local\Temp\SEMe.exe
| MD5 | 205ed7076af92d4059050546434954e2 |
| SHA1 | 000cc16ba0ede71bdf9c3fc7077458519101a949 |
| SHA256 | b9bc0cc782b5cb79e993097cd2ce1ed3f268f5f2744b34a6fe490f9177db99e2 |
| SHA512 | be009f1f259902606778bc26dcc4f22d24a2d7c891f21ed24cfd0f96a4b0d31d632f6d25126b49223d0486fba9ddd9fca3c959de37cb3fc493c89e9dad7747dd |
C:\Users\Admin\AppData\Local\Temp\REQK.exe
| MD5 | 6699ed48d596d8c8c8aab5b7774fbe7c |
| SHA1 | 55fb6331f9c2085f2247c334c4957b36211986e6 |
| SHA256 | 37ca34d28b5e1da467d8e25177999887fa5c814da732df7b439e5472fbd57d6f |
| SHA512 | 98ddcd8fd58c830b1f4235cdf1eadcb10ecf6587a6367d4cf9489b490fcf176b3a1dd266cc3a57938ad248a4065a445e35fdc3c8decbab09efa53bc1eb8d131a |
C:\Users\Admin\AppData\Local\Temp\cYYM.exe
| MD5 | 75f633ec806ea0647222ffec2c37ea74 |
| SHA1 | 3d872836cfb073280f7e55cd51ff7de0f77d3f93 |
| SHA256 | a2ef9054b6e15cde6f468ac8f7b8ec4e3854cad07cde5c83bacecb1339c04d51 |
| SHA512 | 9667f3fffcb9f39d470644121a43578f605efb456edb83e591aa48e79ad7c293342ac489d7e6dd93a23e1d894bb6cd48c91267cfcf01d8b1b324ff4442f337d7 |
C:\Users\Admin\AppData\Local\Temp\mIUa.exe
| MD5 | e4f9b8e8870869bd4f269cce7ad09f03 |
| SHA1 | 6626190a7517994af1cf837bd46e9084080d8f69 |
| SHA256 | ff594157f469d86cb246d86d84a5465b196423c4faad4e2da83ab8aae2bd0acf |
| SHA512 | 589fd486a14f9985d0df3083597c1a85cd9e7b0c5f8643090fea60265dda4c19cddb33301fd1a3b09e15700a4eb33ffd2f255fb5d6f48ce3e3bca0635fa064d3 |
C:\Users\Admin\AppData\Local\Temp\nUwokcQI.bat
| MD5 | c9fd31ca9bf802659e93bfe83cab32ff |
| SHA1 | ac46da0e78e29a16704ae0ed100ecba06a24eff6 |
| SHA256 | 015743f739b9bd8f906dcc6c7fd6aa55a5bea5fc81e55dbc54f5f732b9227db8 |
| SHA512 | c5d024ef5e34ccc7a8be3e5028e5cd09b18db77dd190766501999923611ae04774a0cd6729d673478909c4180ddc7ff57299f5ae1d89889d56da0bfb0030282d |
C:\Users\Admin\AppData\Local\Temp\Icww.exe
| MD5 | bdd755b608ba315fa8304852eebf408e |
| SHA1 | 97bd79f8fa847773454e132685c7531c073f39bf |
| SHA256 | f544bbd7676a0c7ad4da643f840d5c2586114162ad2fd2c5bea89fbf1a5e200c |
| SHA512 | e190177c25cb5e9c53db60e68c4b0026b1f660f8066e6c1fd007f227f55fdd4894f98fc5cfe94798ed3c5d6040b07a0ca3260a5b3ad58857d206c663b2b293a5 |
C:\Users\Admin\AppData\Local\Temp\LwoM.exe
| MD5 | 809d15fc1e7e1d6d158590c20d719ce5 |
| SHA1 | 7e820b2ab96c9660bf1a41ad322a005613d36831 |
| SHA256 | c64f0d704f0b6f8e81c557c8b025a343f4dd0edd3512a610cd9aedd9d74d0430 |
| SHA512 | 4a690071203f1b872444dafb7fc041e4fcb0afd1f3dac60c89cbc42f3f3abcac7838f6c33587995f6aef500b631d70f7047c04e810cdb01cfe51c3dc552105b9 |
C:\Users\Admin\AppData\Local\Temp\Sswi.exe
| MD5 | 08b8ac9804ce9fa404b0eaf0f32c5c07 |
| SHA1 | ca0c6308935b6d68e900354a29a4dded20fe2742 |
| SHA256 | da54a4934a5836321fce6e69b76770f9d8967a14b7977e4a3230e46b2a395c1a |
| SHA512 | 4774d3b7360de1b5b8adfda34ed92306d599cbe1dd3bfccb79e5d67045690dc56de346b7c35ed307e4a2e9b508619becdfa68c7856fd772a24c3a956ff7cc234 |
C:\Users\Admin\AppData\Local\Temp\KgYEIEAs.bat
| MD5 | e2786573f06ca258bece7fb323b9b7a4 |
| SHA1 | 27e18ab6664e7f3b00e66f5754f52fbd96f6e4e4 |
| SHA256 | a8930c211805a583b945cbeb58513cd303479441d579884f06e94278f599ed26 |
| SHA512 | 988f9d05231329bba1085c7b0a5ffb345d88be714d8149cceb8ebf6e9718a3133ed94e862051ca7c05e3544a81a8d25c5c128bbf06b2d7b58ed56d5cc919f2d1 |
C:\Users\Admin\AppData\Local\Temp\CYYM.exe
| MD5 | a2828dcfe51fbe19e8fad22c7adaca2c |
| SHA1 | 451d600ac042efb1b98f9318bd2dc37ba4e62b6d |
| SHA256 | 9e743e45ec1143a39723241f2299d20578a59cb349f50310054a8fc2616c8517 |
| SHA512 | 812d766944f07afdd1e95f01e16ac61dbaa9b90fe3ad5da7e68a02fbd3b5b4914f2673ecb8a9f9eda9ff07e387aed3c1ca291b8a2e20d083dd65c68db7c02d03 |
C:\Users\Admin\AppData\Local\Temp\VkwO.exe
| MD5 | f4a833598b6ba85465f7da1d4b073c55 |
| SHA1 | f71936e13d428e5fc97b7b1e895ee9aaa38d640f |
| SHA256 | 50ff0e243ef76eb003a95e0f16fe5f01d2691cc269def46794fb373a5f79ee48 |
| SHA512 | 0196f6328773c6a2bbd72d2de2573bc601115db5bf48fe26015d520468deccb822484721775270abbcf7990cf42042c514a0bec6d8936c56df2d0d96a6d0f015 |
C:\Users\Admin\AppData\Local\Temp\PcYu.exe
| MD5 | 3f70c453e6fa9ccba6d3df4dbb6926ad |
| SHA1 | 2b4833c81499da6154a102ab34a74d1102f23a55 |
| SHA256 | 14379492e09268b78cf58b3cc3170f7e492ef49806de24b6eb4db4c53198d8fd |
| SHA512 | fbe32bf95e81a9dfab5eb428ba428007a1a20872f1362600a801f3c9e1d6aa8dfd10a011f456ce7b389d3a0f2fa32b1c8c2a959c7347f92554b17f4863a2710f |
C:\Users\Admin\AppData\Local\Temp\mksE.exe
| MD5 | b659abc66594342d394fc73abfac7a6a |
| SHA1 | 3cf289cfeb0dee0247746e3fe3f01b51b47e8248 |
| SHA256 | 7b8f319b191e8015f428f1609b6ad3cea781868818ab70cd824c095f20e8a0dd |
| SHA512 | 227649659559fb44e675e9fa71692ca04621f58d7c69e670f8b37b47c87b56b96bdb58366a462cc77c939257c05c0ff62d003ef824f66c37c4e1e0334207f6c7 |
C:\Users\Admin\AppData\Local\Temp\yAgoAAUQ.bat
| MD5 | fab5cc02c57fe6b0a0b8b307f261df8f |
| SHA1 | 85140650fd58be51e3734e6b352847dbe2291544 |
| SHA256 | e8e1c5bfe2b1ea1d4864bdfe171a4d9f37c33299f0d94eab81c33fc6a531abc4 |
| SHA512 | 88a8747df8f3aed573aa8427a7d02016f90d926cd34b5740dbb1087b5b7c6eea5713c3932aac15d262be040db3df0d666d7c9c67b37534a68a5e940becf2cdff |
C:\Users\Admin\AppData\Local\Temp\Sowk.exe
| MD5 | a99cdad04f9185421a29768c9c48639f |
| SHA1 | 80806ddb0eec55c3802d4013f8a5c414630d022a |
| SHA256 | 745247d0fbe1cedf8a916c0a98ccaa29a9bd1e65ff0bc8beabea0b78dd6ad08e |
| SHA512 | bd73b1f5b53b99d8ad012fbb4353e109c9b2993dda2b701a7a360a3a503563333716ef7d48862b10d85d38df8b6be497955c0ea6bbe8e507ddf2db896d3b2ba4 |
C:\Users\Admin\AppData\Local\Temp\qQYc.exe
| MD5 | 4d4e702efefb0e35cc9071ce69ce29f9 |
| SHA1 | dd56cf9c77e56c33ee71c80c22f8764a6123c77e |
| SHA256 | 2c06769a039e23c65f9bb306d6a94de2c8e2ca382651c48ac02e181657614e67 |
| SHA512 | fbd8391c9d1add47be39a280ab08410378d6e9dfe5178bc671283ec5059ba5c35450a38d719aad30193193a8aa9e65cf6a4485e50bacd4f48738758488e5a0cb |
C:\Users\Admin\AppData\Local\Temp\NAkocQoo.bat
| MD5 | ace230ceee25cbab84a2508418634692 |
| SHA1 | fcba7b9b910554f4268bd31dd5e49b7083d0e4b6 |
| SHA256 | 44700b3e18bc7c4c0da018a3c1e895196bd426711fd972142d862fa67c3d7fbe |
| SHA512 | 922370be98094b4fd3c82dd595add38f971a1b77d32d942463d4f23a3d9ef8c41cd42ae2fb76d2c3696edb1310fec117eeac02aaf8a679c414760594c8d76e1e |
C:\Users\Admin\AppData\Local\Temp\RcwW.exe
| MD5 | 85f683efd58566ccc26e096409488e8d |
| SHA1 | 7f25d465e6590f94745cd514b3d0d53190b823c5 |
| SHA256 | a9026248f839914f5a7785712acfea747176731286a885e09518f1a971219b77 |
| SHA512 | 775e76a443a6949aba6c0f0f9cd50378f9a712d9b3d6fb8bf2cc39f9b77c25f1867b9a623fb3d8b4c65e059c31fcccab2bf7f1258773636573794dddb9c4493c |
C:\Users\Admin\AppData\Local\Temp\AUos.exe
| MD5 | 1223cb82b5fe66c2c3f0de60caf8eaca |
| SHA1 | 36be1bc03ac75f1509b149393853ebb0bf486dc4 |
| SHA256 | 23ee18c4af981e78aaaa412d26bea856d9953a9eb455a01e224b172df64264dc |
| SHA512 | 379827d17b2f0a6912355fa6b657a5da5afe8189b592fa26ec6f488971b9e758dafa7476b48a5787acb30c9adde004d5e3924406eb5fcdb6dafdd9c2f6afaad3 |
C:\Users\Admin\AppData\Local\Temp\aAIi.exe
| MD5 | 6b1fde902a3c88639947aea3c35fdae2 |
| SHA1 | b5db19becae6c80beb9b367182156253e20fe54d |
| SHA256 | cb623afe3ef122056f470f4ea313cb925e53a22e5e73a0715591bed1af366b56 |
| SHA512 | 88eb29451fe2dffb9d294037029965989df0072a4b9482f95529791407e46db524c74e41c4e61711c2808fdf62cb101f61609e327ad2aee039ba9ffb722ecf1a |
C:\Users\Admin\AppData\Local\Temp\hSgUoQcM.bat
| MD5 | adef1738074f5601f407ca71da2ab7ee |
| SHA1 | 5b5bb198633821d0c2d0f2ace018c334c4a07363 |
| SHA256 | 110a9b93d4943c8d7941a75f2328ec4a2008aa52ff68a6190ef08171f0fdcee1 |
| SHA512 | 51bafe99bef4071005d308fab41d88dc2fb9c0bd840714315e453a01e52c04678a5eda6d10b9348e56451f51d2f3a440435d9bd762b8a9fbd1486887adf2b312 |
C:\Users\Admin\AppData\Local\Temp\IMMu.exe
| MD5 | 8450b29d15911d84616d90ef0567012c |
| SHA1 | 6f6393615b2fad67b06620076790320ea033dc1b |
| SHA256 | 985b9afbcf2d53826a70f6043e7e06e867c344cfe1d5c4806169608483fd39f4 |
| SHA512 | 3fc529885f58c79b30afd2b8ccd392c6b4abcc3d517645688c71696eefba91f4470f1c9d68d1e0e2f79491407b6761f1cafe3f985443431ae06b5969e960b2b7 |
C:\Users\Admin\AppData\Local\Temp\bmYEQAcc.bat
| MD5 | bb7f9b13f8775f74333d3816657fbc86 |
| SHA1 | cefdeeb94eea97090c60ed6b2337a5b23df445fc |
| SHA256 | dc3977f8be984149f30ab297f62b6e0245953c7d4d69e5a334cbf1bb2814716e |
| SHA512 | 56dd770a9f8e5d7b68e859c3a65fca1920c219f64c5d50fa2f7708156f0a027cdfd391c43e858417a8f28bd197196c1f09630d091cbf4e97d6f40a4884270451 |
C:\Users\Admin\AppData\Local\Temp\nkoq.exe
| MD5 | e2ab108d7c47232ea286bea24d71bc2f |
| SHA1 | 8621db95b1fc28cd4a662e4b386063ecf93c1836 |
| SHA256 | 94378becf79594e58a9e26ed7a407858ff55f50ee3393abeb67e53d6e5b44df1 |
| SHA512 | ad47e2df506db8091c0d72b56ed7816f9bc987e3afd58b3647e94390689a9468727b87f338669296b565a5a9121c3f540e1a2e2ba8b11086604738b908eb1960 |
C:\Users\Admin\AppData\Local\Temp\OoEi.exe
| MD5 | 6cdc477f0bc2b07677688f8d0e743890 |
| SHA1 | 6200b677cf137b284855637f7cb096c2691c44bf |
| SHA256 | afb8b1011f967164c8f6aaa0242fa96e96bbcb18b8f0203c1b35fb295d72b1fc |
| SHA512 | b14d6c96b1673437f8f0da6c963254c9c07e2d02dfffb615fa3375d915141f2a1c1a91b35e0454ca73de0b4a4c1684bac0aa6e498ebd3a03a316235202ea5e16 |
C:\Users\Admin\AppData\Local\Temp\ekgO.exe
| MD5 | 3137f7d0337a4dfd2d975855a4b2dc96 |
| SHA1 | 4b36a4f60b4d42c79bb9a98f3f40586a815b02f7 |
| SHA256 | de6212ffa6feb58410d3118923118f40eb7473e2f0283f38f31b46b4a42563f8 |
| SHA512 | b266dc3a3ce9e015156499737ce2bef3bcb89bb0401c3340abdee7ab98407e2244bfa1c0f27a10a97670354e66cecfdc3b1ab16018c4c0fd1d0aa6da055fcec3 |
C:\Users\Admin\AppData\Local\Temp\MwoYUEAM.bat
| MD5 | 67cc489ade813466070eb8f55791c4a8 |
| SHA1 | 4b8511c6c0e5829924e3b818f6eadc19964550c7 |
| SHA256 | 35be1dd3772aaa1edbea7a14be3838987122de92eba7c3bd3175f2024db409a9 |
| SHA512 | 2f4d2b45a07277ae2c157fc53d27a8277dba0d8229c24b297c0c8801cc0d2675ac0c7b059ffbde383c92ac670ac5919322ee12de948d0d4225417c6d8314f8db |
C:\Users\Admin\AppData\Local\Temp\REww.exe
| MD5 | 398b9755f840797cdf596ec860799cf3 |
| SHA1 | c195d487b503172ce3e0ca421c8a539e304b0df5 |
| SHA256 | f2abd90ca61b586bf2176035a0a2b10fe4783a111c8c3a7349c50d1ea75257fd |
| SHA512 | 3667ce090ea9c5fe101cecd8792560d40d631d068465d0ea12a142fe10c41acbd0b9d447cc54aa47af1aef79b42a16a83d15c0eca58d82f9ec006be46194f72b |
C:\Users\Admin\AppData\Local\Temp\eEUK.exe
| MD5 | dfacc8877e5e337ae017f70efeb5f727 |
| SHA1 | e0b34750cc9234a6415e280c0333b32c088219ec |
| SHA256 | df08368e68291d1bb8ba4c1eb2b356c9f1c5d1cddb68af396de56ecaaa2b3dd5 |
| SHA512 | 236ba4baf1474dcbf383078bc2ee881dd997a312c25e1ba09d9020323343c231f0b48926f8e06910042044cd7b029717a41e01680eb164de110137bef3edb0ce |
C:\Users\Admin\AppData\Local\Temp\gQEs.exe
| MD5 | 580cb892c47684b6e3fb702e7c808ad6 |
| SHA1 | 1ec3b6640c5aedc574949b5c63d2da991530fb6b |
| SHA256 | 692436ff8711d02b3e5d17035d16406a3c09339d14f9621813f2f78f1a7bea65 |
| SHA512 | 28806d23f31edea53119e1800df50ca265306ec2b450f9e21b5417e3e0aab3a3a48c85112aebf6881fcc132896c7fe069d4a0be9c2a01f0eade8bb3ea18efa84 |
C:\Users\Admin\AppData\Local\Temp\Oggw.exe
| MD5 | 548e79d45d470a5e267811e6d4b1981a |
| SHA1 | adb3e81e9d9a932690cbe535c6b806ecbaacb451 |
| SHA256 | b2c44341ceb00fcb03511118cf8ca5bc7325dd32b412174bd37e58cd0354b11d |
| SHA512 | 039c4daa293c01ca7fcf9bb6520682325cb41a29e8209444f19f25b9555b183c71079e9666cfd26b9f1464b3c530ea5881d761c3934bd7f8c837e8c910992d97 |
C:\Users\Admin\AppData\Local\Temp\KcsM.exe
| MD5 | f150142376b24fa75f10658af50b743b |
| SHA1 | b364e293fb8373104191534f4cc713f820683914 |
| SHA256 | e8ad09f3feed244e02532e96a4d44d02a6c81768be9f010e448a85fb5ed8ec60 |
| SHA512 | ac81636bf74b538ba0620e2cc8b1a9302fdbe0872b01e5c9e313d7aa19f7f7711e7ce9a1f70e28cf06c0f034eb27e742585ea36a19c3b66cda6aa4c8c8e44b72 |
C:\Users\Admin\AppData\Local\Temp\QcEA.exe
| MD5 | b8bd5cbf874d6bc779cb88487a97b464 |
| SHA1 | 13e551436a18b9f86112992f0153e575930b2da0 |
| SHA256 | 48e2623ed0a780ff5e2075ecc474f025e0c284400127da68eff65f63d24b2c18 |
| SHA512 | 0ff04cc3e36ec484c2b45fba48f0559c102a6d6d368c844c42729dd6483059fdc759ccadc2c62d098dd4ffa0a2957ce8acdb077adfcddc80ef58bb39f0d2e2a3 |
C:\Users\Admin\AppData\Local\Temp\RUss.exe
| MD5 | f82d2eec3401835160ebbe2c8180eef4 |
| SHA1 | f93af6853c1b667755909f0265976ccbba529ad1 |
| SHA256 | c46ca2b15f036d165af18cef1464f8548d186d127f105e73edc1f8285410912f |
| SHA512 | 312142a3f7dfd57ed2c08d4f021fc5c7bd37f7cd949c4eece3d30eac1a8e79958babe0f22c60b0d53e667c561261ccdf1cf236755980885b0e5dddb7b1942ce8 |
C:\Users\Admin\AppData\Local\Temp\EwokQwwk.bat
| MD5 | 6bf282a74918890e4ef28cb8574d963b |
| SHA1 | 2138050eebabf561bebb339bb1ebdf678438ec4c |
| SHA256 | 0606178dfc91fc1783d0ca4a30b2bbbbf0e64f18a35a611ea34855d21d113b30 |
| SHA512 | 8427a0c37504521b50ab6ccdf4d1b80057f0a6d8af20342c723c35ff0af27b6fb6e0ea013dbc3a5ca8e9a00b2790d28a7a0f2a9782baa5e41282cf08f96a2c94 |
C:\Users\Admin\AppData\Local\Temp\fGUYMQEw.bat
| MD5 | be1c1f9fc4b2e675d98e64913e523ae5 |
| SHA1 | 8b9031fe4f76f9966cd0e4f86bc36d522beaa22b |
| SHA256 | 9ce9e57f3c0202c8edef2e663700650bc88f23f70f85e3dc89d24e8356ae9f63 |
| SHA512 | 222eb680f0e16915aadba92bcbf2191a0ca02d59e3cdfbf4c9e494601401c45a692803882cc18018712d210c4eba308d5829c2208a2166345a9acb82f1736c96 |
C:\Users\Admin\AppData\Local\Temp\EwwswUEY.bat
| MD5 | 467ee3d0d05110b783afe2dbfebad6e4 |
| SHA1 | 1f0024d4faa4d162400ba7f3c21ae8c779d744bb |
| SHA256 | 9de3926915abf9ed8b6be4277e10c22b37dc96196c9a6ae5d17da5ad92fd381e |
| SHA512 | d4694183b8d8f2c3a7519e73c101aa0b8a9336022a4d39c5cb90e687410eddd89e33cf53f043bf630e6195e3844dd4a5b2d24910321c38595250b9255790771a |
C:\Users\Admin\AppData\Local\Temp\FQQIUkss.bat
| MD5 | eff34a47a9e173c72c2db1ce20854548 |
| SHA1 | 5d5a916ac8841eb92e25a84422c7a4494faa3172 |
| SHA256 | 4bd8e27377dbc62ef433f25360192aeb5f1c25b9694c03e9344c4fdd30b0a756 |
| SHA512 | f2d5de6422afb31fdfa22291aeb639bec32a0230231d50ffbac5dc95999a035d394700639ce12e71d9a05a65aa2473c2b4df8291e976e962ace548c35845bf8e |
C:\Users\Admin\AppData\Local\Temp\EiUoEEws.bat
| MD5 | 7b09950fa43dc58b1cbba4e1d746df26 |
| SHA1 | a87b1d6165d14e67fef0a212cac926a2c50d97c5 |
| SHA256 | b052fff9bdc0181ba47bc4a7a5d8fe2dba4ee81ec6f40e029f8142c21426579a |
| SHA512 | 5da4171bed73382e4e673f0751b79cb80e7860e44a3f21a6be90d599a1522256e5d62f636665a2929d8c8653d43350ba52e63d2aef118d0faa7d1a3e6b71e581 |
C:\Users\Admin\AppData\Local\Temp\pqQIMwUI.bat
| MD5 | a74791feb7d0a2384cedd05fe15b4ddf |
| SHA1 | f7e2ff531920d55a5c9001e1daea2f25c0aff76c |
| SHA256 | 169e34c84311d15be4e474692727abd0d1e0a556eb85304ae291b68a7a552a5e |
| SHA512 | b8522e720bf9af672f93585f1f7fd3211b81f584cf68f8782d405499bdc8f3e78335079f74f978d6dd79239b427a45058b5439e6a0b0405b848d2a0de9689c7b |
C:\Users\Admin\AppData\Local\Temp\ZogkYYQM.bat
| MD5 | dbe487b046cf55a4d11cba6c1e1f8262 |
| SHA1 | 250bbc8ea86a7032d5d61ca5c5d1dfadbc68a8ba |
| SHA256 | 6d926a84a448443d8d8f6b91f871ef143935e2e1bbb71ebe0376d907f4fe73c6 |
| SHA512 | 1bd860a147a4fe9aa3d71064d679df4eabcd0197469d0194575b2f3cc978fd2e8b62cf51c01eef658c00f18c21f0523dc864f7532e6d28725dcead312f5f42d1 |
C:\Users\Admin\AppData\Local\Temp\NgkMMQUY.bat
| MD5 | f5b57bbc1a830a725ce7ca884c72c45c |
| SHA1 | e0acf38d317491181293fd50a724a8d6a669c530 |
| SHA256 | d0137cd12d390a612aad0d1d4f46d2e14ba4abb9c4597edc9cf71e30386a5318 |
| SHA512 | 464515d0adb7050ee929851a35c8b93bc1b2b7ce0b59290ff1badbe850ab7b724960b96cd92991fd69bc480cbd60c1386dfb7c1580e7715c57e71455ffdfd42e |
C:\Users\Admin\AppData\Local\Temp\HuAowgcI.bat
| MD5 | eaf62515873fe3084ef9828daa7e4046 |
| SHA1 | e4086549480e831b6c9ad113ada2f5eef6cc65b5 |
| SHA256 | 9677392095002e110bcd0988025d9cf5ac448de441167318bf59f0a3119bf0bf |
| SHA512 | c031aad14bfb9fa5e2435d54cc0c209df763266c096d67dad1c630b93c0e147ab38197601a2d74240d0b9703daf15d9dd5dcbc59ea153f313b0e3abd09ce21cc |
C:\Users\Admin\AppData\Local\Temp\LWUIEgYw.bat
| MD5 | 1315e6a0fa3359eb523335071236c4f6 |
| SHA1 | fb5d0dff72900957205d8347806ac8169ca9dbac |
| SHA256 | 7e2dc1c00cd01da00934b222eff6a4fbb466bcd6f5a721288cc71949e7a68af1 |
| SHA512 | f7ffafb88f777cf3c87356e318a79ec38e7548ab179128614a12c83e2ba5c19b2a7e01be6a6addd448cfbe3c45a9c7aa63a69478c086bf7cf8f1460f52fdc962 |
C:\Users\Admin\AppData\Local\Temp\vgoAoYkE.bat
| MD5 | e770c2b1a19dc50d1bfa6f8cfe84da0a |
| SHA1 | 8bc53a782346c761c0d11321a2ae80edf64230a5 |
| SHA256 | a3b24d6928aa4bcaa2067bee6f5660fa7804db3f3385c160e120ccaff7363eed |
| SHA512 | e2bf1971ce87385b84441db167794ca8b8da150c694b9909d3ecacab496bdbf8b376955ffb1e15479f8d1f3d3bfc47872340e1387f3bed99ae53bdc2dfea9386 |
C:\Users\Admin\AppData\Local\Temp\nGQMokAI.bat
| MD5 | 753288c20a81302a9c89bfd6a74f2795 |
| SHA1 | 0bc71e26470f4002f654489b0b3280e9571b4773 |
| SHA256 | aa62d12fe596768d97316953d891f30a6bb5ecd412c75c195b67aedbcb5be8a2 |
| SHA512 | a9a7c8873bc243aa34f1b781d2416c3f9d128adf212e68f553cbf984ead1ac8d073fe09cba1577485e698e770c68a24bcab1ee3d92b14221541be926510f8b63 |
C:\Users\Admin\AppData\Local\Temp\zCcMcAcc.bat
| MD5 | 4a00c3d8cb841cbc282e64c5566b0a65 |
| SHA1 | 264b69066fc7a42f245a7ae1f1c1822d98ddc117 |
| SHA256 | 54685211efa36dc71b6844a89f9ab7b494a797e116c4349188c03fe52b87467c |
| SHA512 | 4a06d6028d008668219b9c9634f01c2254f20308ea0ea9574f6d0063c9093bf07c7d8a2531923fec83805326bfc50291e11ff359d832450402ea378aaedf1a3d |
C:\Users\Admin\AppData\Local\Temp\OEUMEUYU.bat
| MD5 | d8114366465114acc4a62a670c718df0 |
| SHA1 | 3046b2a500fd80140b5708a15daabbbd0e642693 |
| SHA256 | 1faf3dbdd590cad60d18832a9fbd51d0ab82c89f20927909ea68fb292cd88b98 |
| SHA512 | 13f762cfeba0a095f1abe8c378a68ee5cc0bb37bc3784e15c8f082de417ba9d305512751e72b880fbbcdaa39e37927084667d19e1c0f6d154af4ae5ad7f8a09f |
C:\Users\Admin\AppData\Local\Temp\LMAEUIwE.bat
| MD5 | cd92bdf34b37ac79d01510469964287d |
| SHA1 | eda63403f40ddad2368fbb7f4f80e78a6360cc5a |
| SHA256 | c494028ad9cbd5f95d3ff354f2692580c1e2f7e65900e41a9f6d0034e6b999dc |
| SHA512 | 931a34387843cb624ee8b4586416ba329dcbe03a65c12ef11fd0dc6cea1285995c71f155b8a9145c92364791acb6f0f805f4f4db1d0a6bd5766a7d93da7eba12 |
C:\Users\Admin\AppData\Local\Temp\VIEoMEYA.bat
| MD5 | fdf7a9a7e07b7dd4a076ccc25569f7c7 |
| SHA1 | 9a4cf9e2d1204e2e0677b6289abad8009f6b06b3 |
| SHA256 | 1197057dfe7da6ae714d323553578794090a3db5008171ac39e865b465e5f0e0 |
| SHA512 | d79bb2f208874f7b68598d8e65e93850d704300fd7c2e374b7ce0f4354b20168b65ac5103cf33acc2243d5e11b674043e8254cf24ddce9b5fa617b884b698bb3 |
C:\Users\Admin\AppData\Local\Temp\xsQQMwAA.bat
| MD5 | f1c8a8bea091556fc06e460e16ef9a40 |
| SHA1 | be6c48cd84dec2fb97b5b544a0c7dcd2d3e11ce8 |
| SHA256 | d8dc883041f7178566ba4fb1b67d76d4b9cc1cbbc3a38fad8bda5eb8d2bef11c |
| SHA512 | e297201532afb2acb61265c985937f0cfe1f1ea7f065b58915573212e8064fe246d70455f61c728f495b712f96590b7392ca6d7287864f9460f59adcb181dc99 |
C:\Users\Admin\AppData\Local\Temp\LgYcUIcE.bat
| MD5 | 48e4b6e48758dcb19eac02881a99ecf4 |
| SHA1 | f511d7ea38775ec8673c905f4d47493a06f7db22 |
| SHA256 | c0e52ddb33267844919180415ad2e0b6cfe27620ea76ccbb3883fd3a8ed3fdcb |
| SHA512 | 033dec6172cc0f077b097236fd66db448d40e94f1776be010024f193628fdac92e64046c622fdc337bb3eb5ce498a7f546cab8f8c7929e39b9cb8485f60c768b |
C:\Users\Admin\AppData\Local\Temp\VSQEQcEM.bat
| MD5 | 44209efd29eb06c27aaf21b76686d896 |
| SHA1 | 8e70298b268bdae273ed4ff37b8e51f894d35776 |
| SHA256 | 85565cc7a59b33ac95d1a9684d426603b1c8703ffccb3ce939ce460fc5a859fb |
| SHA512 | 9ccacf8d3e117c25cf45745e893302ac72ec840ab289c55e97d117377406e1b8a1df041101203d46198ec58041f997ba047b0f291b758d390aafea2c02bbda34 |
C:\Users\Admin\AppData\Local\Temp\YekQYEQQ.bat
| MD5 | ed2fb463a40048465aef2e08b4b5b562 |
| SHA1 | b32cf0c7c041b441ac5a6fd3d96dfc5d223a4604 |
| SHA256 | 086f3287aaeed70a54da6010b1fee10f51d491e30aae8f671782b3c84905f7af |
| SHA512 | ca6b41b79abf813a5581fabb37c5b06d218ee06aaa40e22f67590dfab75ed8d2a95d0f53233f1268a3744fce1eb772bb0f26a173ed4193e4266856e2124a5db9 |
C:\Users\Admin\AppData\Local\Temp\ngAEcUMs.bat
| MD5 | d1ae67738efac8c7c9a68666243f0975 |
| SHA1 | d9871e7b5b02ddce8917bd4e0790ecd8165c301e |
| SHA256 | f00437a928649cf0c42249a604e5bb4f8fdaa32c476a3707830ed7e6979e190f |
| SHA512 | 2fa889de9d99f03851e966679a0d5f13c2fcdc6392d9a85690d31c34f8a240c2a0f965a94b79b16897d9049a58ac6dd1e4edda003b6229e1d81c20e319a08cff |
C:\Users\Admin\AppData\Local\Temp\sccUEUUU.bat
| MD5 | 83a882fbaac509e371834d359fe41be3 |
| SHA1 | ba560838cb53c53691d4c0cac9a126f87860f7df |
| SHA256 | d242b2fd546c29cf84de15bb762df72a5b836d589cfade12c80db84decc49274 |
| SHA512 | 21498ee1a4e536371c9af1b5d21652a1613f4e447f1c2aee3727a012fa12a83c220977378f708e0b189c30d9a329c6da7b28457b5cab81d381c84058ae69ef53 |
C:\Users\Admin\AppData\Local\Temp\KQAgEYog.bat
| MD5 | 3fa4be18dc5616daa7dbd69b5aa5870d |
| SHA1 | e960c17299cfa14f8cd3b8a5470acbffa0112c3e |
| SHA256 | 6dcfee6c024b97ad9c146ffa4aba07a99f670064aaa45d4b383da19bbe7ce01b |
| SHA512 | 973f052e4fecc3966c3d0d5140368ac0b43bcdea39f74ba2ea9215c08c891bc487afa890355974b8cd65d58184563a0ac7f2a1b0788efe4d96805d0a30f00d92 |
C:\Users\Admin\AppData\Local\Temp\RKYAkYUI.bat
| MD5 | 787d69ffb32211eede3ba5e9d22cfe59 |
| SHA1 | ceec3baee12e845033fa14594e67de05641e1ca5 |
| SHA256 | bcdbe5cff9a4d2c6c57219545c9a738568abced0c0735c491a1c29df33af4b66 |
| SHA512 | 65e890d80824488e87c76c96c9f43741249e47e016a4fb6efa1f811277c4aa94bf92494b7351589da3a415592ae609f9973473d4a1f0987f40e8132cc0203b60 |
C:\Users\Admin\AppData\Local\Temp\LuEQQUwc.bat
| MD5 | cb6f52e109e34c42858cad48346adb09 |
| SHA1 | 04a1d881b6e24462bdb5ad176245cd3735582f0e |
| SHA256 | 41f76bccb9b0ad9d41fa125e01f628cb24ddcfe5e82a005979f05486bd47d755 |
| SHA512 | 3f7193afaeb133fa2bae6b822019a7ba1229306042c90611af96132136bd180d780f90a6173cfe68669d3df2a119506c83ef4ab7f3ea20776263b8e8577c7b67 |
C:\Users\Admin\AppData\Local\Temp\fMYe.exe
| MD5 | 434b1970f321b08c768f8ea9b31399f8 |
| SHA1 | d111c87ef9b2d8aa90be1ab4f54fbb53f331c476 |
| SHA256 | 09566de04b9a77d548c6cee82f16b1c18665f2ac3325b21a5e46a9e99eca12b9 |
| SHA512 | 61bb481f62fc9e4ec1fdce2af6f004df9b2e561606e0f5e115ae462334157f8214fefd7551ac6d42347180a67dd6508909e252694b468328b66baee33dfe2d1f |
C:\Users\Admin\AppData\Local\Temp\wEEQ.exe
| MD5 | d4fadbf2c226dd04135a523c96fefe59 |
| SHA1 | 9bb8c7c1466f498c50c3aaa384df8a6c8b788b12 |
| SHA256 | afa3c050cd233c12eae5f8efb7d7518ccdbbe95ac8a2cf7c56c1b37b3438d68a |
| SHA512 | 38815b695be285b292792eaffb7aa2b048b240dcfb279724c0880b6a8f23a95aaada27328eb22c18e5f96d81c64e0234b185078f98408c41d1ac23c5d97dbecb |
C:\Users\Admin\AppData\Local\Temp\EosM.exe
| MD5 | a78084b964d367f85ad1a7ba4e59abda |
| SHA1 | 00d1a76b97e0c6ad99419a46d42e239a93e627cc |
| SHA256 | b141132ca1c723dc7b0e8c6f293443d1428f3896cad3aa3e31cbe7aa2681a59b |
| SHA512 | 67feb8a4fd060db6e05449552ef2b14dfae479285cacc64802056204060eb26a5e8625487fb442057dcf22825909a86facbd87d3de9b848b4a06c956681bdf49 |
C:\Users\Admin\AppData\Local\Temp\ZAsi.exe
| MD5 | bd8fc511133d717c935b513ecc368678 |
| SHA1 | a4a5d7d1c39623a78f269c3e7f4d0b9d5dd14add |
| SHA256 | 608083d41a4d0999149c82498ab5d744b6f0bff286443274fc329e84880f9210 |
| SHA512 | 95e256e89e3d582b7e3d4f230317f97656ae0fb6d2ea0fd8b308b7e1c7d94768b003286ae58afdec5955334c0d97798f0c1f31710343166119713cd56717361b |
C:\Users\Admin\AppData\Local\Temp\VUYYkokg.bat
| MD5 | a4447440d2f7adf0ad048abc9dcc5570 |
| SHA1 | 1c343ce02be9766c6468655113bb8595c719ba36 |
| SHA256 | a1c4ad4816e02df1e9b8116ed88952ed37ef2dfc3dfd433971e6a194f56e6fae |
| SHA512 | 087f09af5026109253621920448e4e9c05966e69211d8f36ac98ea4c485ed7ee54e0e219b3ce608853a24b4bf4fb41935d4aa995ee3e9078c994c2f2da0a71be |
C:\Users\Admin\AppData\Local\Temp\naQooIos.bat
| MD5 | e99c360457338e070988b6c5615dfaa2 |
| SHA1 | 52c1cb1aabd5945d92c36e9cb139b12c397a072b |
| SHA256 | 8d5ec9945d0720f1fa2b938ff79d80a318f09f894af744b22d139db20dcd2053 |
| SHA512 | c14aba969067877c6461df11ebc48d47ef36973339d2e77efff77b392811244770e0e39ed917ad595caccc848194bfecac17a766f5846ff86efd67bc2f7e3667 |
C:\Users\Admin\AppData\Local\Temp\OSAQQAcY.bat
| MD5 | 2417cfab6d87ec2beb1f7223d9eac29e |
| SHA1 | c0a940135a65530dc8a062dc0c94e336ffdc5ea1 |
| SHA256 | a0ea8309bd8a8f2b6a8662081080942eceb0d4b8a462786ce79f9cc3f741c306 |
| SHA512 | b256624e026e978f7b445c19b8b480e668392918330bd57a0efc07ea1841077ccef0bfed20bec6de2142bc3d872be8bf31cc1f87185c4fdf98e0e87f0b0ac333 |
C:\Users\Admin\AppData\Local\Temp\csAkskAg.bat
| MD5 | 3e0901319a411619b6be737cbea26793 |
| SHA1 | 91d8bac95907248dff30aeb8bce4fa3dcb8cc199 |
| SHA256 | 5db294b03c6424c92d2ce42f06fdd4311b96c24d53cd9773c3dd984c1757a042 |
| SHA512 | 6e5ddad03585e47666f2f9116c9588d9d66c69ba9ec378008fd7d5fac97c79511877aaeeae6d5d6df8ad753b21deb38c62ed296f95ec3635b5a6229db2cc8e46 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:33
Reported
2024-01-25 17:36
Platform
win10v2004-20231222-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Kinsing
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (79) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
| N/A | N/A | C:\ProgramData\IScMUQMA\mUgscsUQ.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fsUgAkso.exe = "C:\\Users\\Admin\\LyUgggEw\\fsUgAkso.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mUgscsUQ.exe = "C:\\ProgramData\\IScMUQMA\\mUgscsUQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fsUgAkso.exe = "C:\\Users\\Admin\\LyUgggEw\\fsUgAkso.exe" | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mUgscsUQ.exe = "C:\\ProgramData\\IScMUQMA\\mUgscsUQ.exe" | C:\ProgramData\IScMUQMA\mUgscsUQ.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\LyUgggEw\fsUgAkso.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe"
C:\Users\Admin\LyUgggEw\fsUgAkso.exe
"C:\Users\Admin\LyUgggEw\fsUgAkso.exe"
C:\ProgramData\IScMUQMA\mUgscsUQ.exe
"C:\ProgramData\IScMUQMA\mUgscsUQ.exe"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ICYggoYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkYksYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKAAsUUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dUEQsgAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XmcQcwkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ssscsEIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMoUscIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ywgsEQUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYoYQogo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HSMIEMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSIAUEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqAMEkUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAkMIQMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ISEYEYkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ecAoEMwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kgccUAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIUAcgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqcogcUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqkwAkcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMIUUgYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOMYkMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UmUIggUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eykwgQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSgIEMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LeoUkIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vcUgoQsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sqkAEgcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQIQckwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UwgkQoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmoEQIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nuMAgEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWYUossQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PigkoUAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYowocQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EcwAEYsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAAAEMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MmMAksEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XUQkMYsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pyYMkIEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LagYEUoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKwEgQgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GiUcMEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yQUIcUIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xqgMMwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOwIYIoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYEsgkMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSgAEQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BwYgAsYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUUcAQcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KwcocMAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gGQYMosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEQgwIsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEEwAcYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZcQYMoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWksoQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SewIEIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAcokEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fiEYkIQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAUUkwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JQwMEMkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwYQgowk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWososUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eUssgoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dikkUQAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pWcQIoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HYsgEMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yCAkwwkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iacgsIok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gwQQMUok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AkEIgAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fuAwMAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\haEIsUwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMAIwEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TgkkMooU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oSwUAksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YigAUoAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kqkwQYkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMkYIIck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcIggkIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAokwoQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCAEQwcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qiUIIEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUocgUcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKIoYQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmsAUosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQokAQUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bWQoUIsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xqcMwkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NwkQgswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUUsswsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GEIYYgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ocgsgAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EqUUoIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYsIsQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xwQgUQsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\biEsoYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYAUUEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KWksIcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KWsAQAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkIQwEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGgUsocA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOAoAYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uaggMoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueMEkEgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGUsAIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DuUskIcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rgQYAIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tWgUYQYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUYgIQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UogEwgEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsMYsEME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aGwgMosE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pukIMksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyIksQwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rSgUMUIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOokYIEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmgkEQcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MmIkYsMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\agMUsQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmYwggwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIMskYAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XYMMocIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZskgUgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSsMYkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgIEIQoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWkMQsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\heUgMAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQQsYoQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAIUgsYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock.exe""
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.180.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/1176-0-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1244-6-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\LyUgggEw\fsUgAkso.exe
| MD5 | 7a6c998b8cd74a2f13031a4a016138d1 |
| SHA1 | f0728076daeac2b1ee95a3844311e8b16c359ab2 |
| SHA256 | f983d4fb18f01b35e778afeaf56f1cd8531f98c2f4f898e5e59528ea9e17dc4e |
| SHA512 | b324886f87442b23fac414409891ade30473aa8905a718bfc6b483fb1d832188bf93204ea4d1c247a5fc3b5b10176d6ea5f83e24cf1239be2e6df9e6a7492b1b |
C:\ProgramData\IScMUQMA\mUgscsUQ.exe
| MD5 | 95b337aa80812eafc9e81874e8ad3a57 |
| SHA1 | 0a59bbab4bcd126dc93440a7c0edb0c761625bf5 |
| SHA256 | 663a87e2945b8569f7703d154cdb342a2cf148976a8034f4ae3088ff41d33d92 |
| SHA512 | 75f9e800f11fd047b1a849a2cb5f3dbcd1239d0fc28a1ac97b3824dafe432e9beb4fae2acfec28b86e6a7b5f7582410a1578a26bb47b923f11232b909281c8eb |
memory/3448-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1176-20-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ICYggoYk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/3936-30-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4432-34-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-01-25_a4396d5a9e6a31e5116c75ed8445a710_virlock
| MD5 | b1d0a5c199d9edc1a273e408124ed491 |
| SHA1 | 82dbeb87395618e9292b9dd7a414086ae43cf412 |
| SHA256 | 512c67620d9906aa3db4ebc6839e4a74c832e750d4805c77d6de0e6a76740d77 |
| SHA512 | 3c3eefcf3679d578fe6d4891071ee4bf2d6e7ae9366affee4838f7a161005035a390aaedbce5527f55fdbd622bcfc47a86b094feeb7f7f454bc71bcdbfd746d5 |
memory/1608-42-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4432-17-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3936-46-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3260-54-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1608-58-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3260-69-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2576-83-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2156-80-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1892-91-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2156-95-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2512-104-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1892-107-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2512-119-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3952-132-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4992-131-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2852-140-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4992-144-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4912-152-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2852-156-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4912-168-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3260-169-0x0000000000400000-0x0000000000437000-memory.dmp
memory/464-182-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3260-181-0x0000000000400000-0x0000000000437000-memory.dmp
memory/464-193-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4164-196-0x0000000000400000-0x0000000000437000-memory.dmp
memory/632-203-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4164-206-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4556-215-0x0000000000400000-0x0000000000437000-memory.dmp
memory/632-221-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4556-235-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4768-246-0x0000000000400000-0x0000000000437000-memory.dmp
C:\ProgramData\IScMUQMA\mUgscsUQ.inf
| MD5 | 9a34109f6900c2df0489fa6956f96f1e |
| SHA1 | a92e31c97631a37c6e3a61089a202c77ed3ff578 |
| SHA256 | db7f1bfb5362a69213d5f42c86e95a8be1e9a46c98520408cbb9a38fa3033828 |
| SHA512 | fadf1ac1fc8e5c9d1283ab0cca7316ea25a176635305c2fb37981e8703120e10086f70581b0a01885c9f198fae5b23fa0dd6bcd9e8c844e6cc87883785f2173a |
C:\Users\Admin\LyUgggEw\fsUgAkso.inf
| MD5 | 90500fde514d3f611605dfc0e5b8124a |
| SHA1 | 38894060432918e7a1a8c08a7efd3e1d9360aee6 |
| SHA256 | 08bb23b79da985262c2e9d085728cdf88ce679c32a0ac24bc3cb9fd2cb8a935f |
| SHA512 | ab91a8ce971e75ac6b28ca0bd149de9161379e084c499370b405ffe5d2e363238cd3552514de4d319a13ea928fa19b0f748387344aabb29ed50bb9a1fdbc562e |
memory/3436-261-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1892-262-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1892-271-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2360-272-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1416-280-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2360-281-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1416-290-0x0000000000400000-0x0000000000437000-memory.dmp
memory/5044-291-0x0000000000400000-0x0000000000437000-memory.dmp
memory/5044-300-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1812-301-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1812-309-0x0000000000400000-0x0000000000437000-memory.dmp
memory/400-311-0x0000000000400000-0x0000000000437000-memory.dmp
memory/400-319-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4272-322-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4272-329-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4508-331-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3704-335-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4508-339-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1256-346-0x0000000000400000-0x0000000000437000-memory.dmp
memory/3704-350-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1256-358-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1712-363-0x0000000000400000-0x0000000000437000-memory.dmp
memory/2112-367-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4128-372-0x0000000000400000-0x0000000000437000-memory.dmp
memory/1712-376-0x0000000000400000-0x0000000000437000-memory.dmp
memory/776-382-0x0000000000400000-0x0000000000437000-memory.dmp
memory/4128-386-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\egky.exe
| MD5 | 508775342f488bf3d98731bfd221d131 |
| SHA1 | 8e58525c5ba609d8f0d50f8f35641223f92ee317 |
| SHA256 | b9911bbdb30fc152fa13c9932dcc000f8e635cf761217723ce8f581fb448fd6e |
| SHA512 | 66fb2254b21f7ea6d817a40cc54c8d1a6b792adc9bc77d1e5953d4ea67b10a7596690e4331ab02e0264026558d254addbd8ba7a034b151d3284bdf2f2e245636 |
C:\Users\Admin\AppData\Local\Temp\cEkY.exe
| MD5 | 84e87d8234dd3a025b247f7ac8ceb84d |
| SHA1 | afef0b27de2c9100584a9d0ca643c5608c6bb6e2 |
| SHA256 | 6f94c4634d76794f8ba20116b0b80ac4af96783bac0fbb2935319737e5687a09 |
| SHA512 | 7d55b26e4fc3785c6985c02a071873536565e2f6657cdd545fea7c62d105389c27d2353432033cbb816db669ebd2f9d122679d373180ccca78966e89cd50bbdc |
C:\Users\Admin\AppData\Local\Temp\KIMA.exe
| MD5 | 42373454ed08a5c12ff5ad3be1b4dde8 |
| SHA1 | 5aa379d7f413a84571318d3a9ee0603284c9f90d |
| SHA256 | c0cd5e54e4de909074fc5dc882fbe7d218ed0638077952f681294f39e9349163 |
| SHA512 | 0cddb926e80110164fcab124f43d9581e9652850df5d371ee43b19d9a995c574072bcbc3c2451d75b71157a55eddc2e8dd615263df754630ad21e35db509cd61 |
C:\Users\Admin\AppData\Local\Temp\ioYE.exe
| MD5 | 72dae3c84a72e0ee2fce9617e073bd4e |
| SHA1 | b141d6b4616f8e66ca261fefe0355e78c6087d6a |
| SHA256 | 76a0252898de98cb66e427c03bd7262144ec1d54b1928ada559c920e3ca3816e |
| SHA512 | f1cc882bb52cf38b2a90e4a52bcb6cf3725a4ab3ae91c4918880144c0889a8a6a9cf9b09bf62e91447aca9c027903e8bc9756bbe0cd5bbd17e3e222365a31f1f |
C:\Users\Admin\AppData\Local\Temp\CoIk.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\mMUu.exe
| MD5 | 5b08c8a1e16a30478fed2d9f62f95f09 |
| SHA1 | 45534f1472dd739ceed7961320ffeaa1418a3d89 |
| SHA256 | 420d578aa0ec222cb6ccc89993c952a6d0fbdf8457b5edbf6a120762ac7ff031 |
| SHA512 | 5606346f4f2eab8e7445cd5d03bf35fb401d60bf4192ad3f61c396663971914148fa074851f9246cef1c6d34f7166fa6c539171430a96126de2ed55bde9722d7 |
C:\Users\Admin\AppData\Local\Temp\AUMU.exe
| MD5 | e86e1db5c530497e7858360b497ad9ae |
| SHA1 | e8120f7c33f620fb3930664e1982169e3e7f91d7 |
| SHA256 | 1955c1d60c9e9c0b600773f729eb5b360f78c334cc967db33c5b3b20e498a1c8 |
| SHA512 | cdd4103f12c8636e5d925d892a05896eb1b3cd961267a968a6005cb0c365e94c30fff353c207daf823b98c377a6216526a05889e22797811c54d2dc176abe6ae |
C:\Users\Admin\AppData\Local\Temp\MwcY.exe
| MD5 | 4fa7518012a00e627319ed7e16398fc6 |
| SHA1 | 3c54f385b26b9e09146a6750100a2263938ac829 |
| SHA256 | 61d8390c22b08af31cdc58baed9ac8ec6592cd89d79e14ceeed12ff06f85bbcf |
| SHA512 | 7a8cdd0f717b7105e4be487dcc3e557365d3d3feef9a0cce30ecff4a55a447effad631d4452d68c3641d05b4d11cc8e59cc551f7c3b53a42a7786eb0b7fad55f |
C:\Users\Admin\AppData\Local\Temp\kcMQ.exe
| MD5 | 9dd5f4349a818cfe258c54d7dcde1910 |
| SHA1 | bfd6762dc01de294e1405dac47e954a217692e9a |
| SHA256 | f401a38b92a764991e1feda4fa6a2ae4bde07afaf54cb046e0dad0d6ea3f84c2 |
| SHA512 | 609bbab3d2a0cbc02b4b0d07f3b23000a1c86ae057ed35a6ebfad816772ded0af6242249be6816cef20246499a31143d5a7fb8dd89f952bcd733ba984497070d |
C:\Users\Admin\AppData\Local\Temp\eQgW.exe
| MD5 | e136485ae0c0f397f4839c85ffb8565c |
| SHA1 | fdb037b5b1f432365382d3b5a7fcc0ac2888883f |
| SHA256 | 6a6628e35d6a251091f5713e12655ed5f6f157fde5c9d6916e15699577258ca6 |
| SHA512 | 5a90a418a3d4f03c151573184e09f184243d01a140445f9c798491b84b5f7116c1e72966be9a4fb28a03edf06a8c06281ad57f4aa64588807b596d858b3cf714 |
C:\ProgramData\Microsoft\User Account Pictures\guest.png.exe
| MD5 | c3e3a26e24095fdcc5354d8fc4ff705b |
| SHA1 | 20bc38fd689f3471a568d7ff0538290f343e257c |
| SHA256 | fca3a9d00654bed292e1cf2e8b1162febac93d23b980d60949388cf22cb19ff4 |
| SHA512 | 206581781edf8a8e2ea1c8ba9e564ea1db2f6007fd43ac0a7183b5ece8373289fe0aef7de48ddfc49b03424303e8397af9094a5c6cfba174eae422ca989b6b97 |
C:\Users\Admin\AppData\Local\Temp\qksK.exe
| MD5 | 242b0829a3d52b7dc01db6f2a288a533 |
| SHA1 | 26611f42f87291499dd7a18f8424ef8c9cfe2404 |
| SHA256 | 34d435ae19ecacaa7f31c4e71593420954036965261c3d7b84f00e52542e57e0 |
| SHA512 | 8dbcefee29cfd12e636381002d324e54faccc8d9288239bb4f89dbf1be7225205bbc8954e1a3120f28c78bee09c8e4e5d7fbdc94380d2baf6febc8d7fbb54454 |
C:\Users\Admin\AppData\Local\Temp\OAow.exe
| MD5 | cf2886ba4d351ab412aee05668128811 |
| SHA1 | d6fe643a9b8c138e6d53dcbd3e136fcf65c4bbf1 |
| SHA256 | dd7bb76ef8d5b82c29870e2d79be323ce318058e3ea550c1eeaeb7fd857fea23 |
| SHA512 | ac17c0881c94f5b034527be5a849e59e915208833860f6fbaf9eca20eacba978b8a67372c281bd21c999a091f4dfdc62eb80c4068a1baa166a84a0399be5254d |
C:\Users\Admin\AppData\Local\Temp\qYUm.exe
| MD5 | 8bfc5cf4d406ff49db42779aa55ffdc4 |
| SHA1 | 07a70ef5364cd56aadcc7fb5e4a42c5d1d0b662a |
| SHA256 | 18f59088fa015e7f17acd47e911227152478a060bef49d45a12034e266bb3a5e |
| SHA512 | 880281309fe6f4d186f6afc5817f4c73a983dbc83f0705e6a16d1f8774ed0cd4aaccdc8a669fc5bf868cd639ba22da705b6a20ce0501e0585f961bffd04a6879 |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | 25a457adf41e0bedba98ad63959f8f3c |
| SHA1 | 2b80290f90c1f3d2749b888eb1fa17f0f45c9235 |
| SHA256 | 8c53d78eedf03523aae6f7a1728cf9979c0222b3f125ed67febbd1e616367dfb |
| SHA512 | ae6f9c9468f7583971cfec6a310e5bfa91fc65666cfc362c60c8c1e8b4b70fb5f55cbc834a49ed3a5a45c4efbf26f51c4900249e6d9e2a1f9dd7a30639e750d3 |
C:\Users\Admin\AppData\Local\Temp\cwQG.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | e1fe26b37f83575d5746edb20c2b2a0a |
| SHA1 | c211f94d7f5da66a34053d479b1c6e89592af562 |
| SHA256 | 31718052bbdc4b06876a914a2d8eba30a3f8101762e5c1add938c63efbe96ea7 |
| SHA512 | 98e371b005f44b144ad755d1a2b0be4aaeb72a7a4d46340a9c5164c88ab80d7255595a72a4e5f7c16caf108441102461ccbcf2ffc0ad20023e289c4db1270ab4 |
C:\Users\Admin\AppData\Local\Temp\yMAO.exe
| MD5 | 7014609405cf0d510ed1c5d4176c3f9e |
| SHA1 | 0f9b3690e3087b9b21964dd5c85fd26453200464 |
| SHA256 | 806cab95c4e35dea81e26396ea3d27fcd4897281191c3d1dd7324c3cbac35c50 |
| SHA512 | 0475a332d08d5e664d3082c1e643bceb150eb6c2be408815ddec5206fdb75093c5f4b01d218f1b448aee5c06afa6459e49230a5c8d97bacb2814c7488443f354 |
C:\Users\Admin\AppData\Local\Temp\YoIe.exe
| MD5 | d775385119f3725c02a69895818d7d7e |
| SHA1 | 4327b25e82f228b3ba55b1c5fe91a3b67a234baa |
| SHA256 | 4c5a045a21ef389e177e69f49573fa837763985abc71b71abe10943bb55eee2f |
| SHA512 | d9fcc3bae494e8782fe7405b8989b538c8aba3ec5b54635da4d6c62d5b457a76b6d6d594df9764781be06b460fe28b16b1a7b48c147656e5ffce9437f273f34d |
C:\Users\Admin\AppData\Local\Temp\oEYg.exe
| MD5 | 062696ea89e31e9f2f34ee31f3c1ca30 |
| SHA1 | 52b86315efb08562c3d3f9c0c7f7dee451138f90 |
| SHA256 | 33706189a2b1490228f5f8e5712a644acc2f1a3f25f8b06f079924b9f3db94ac |
| SHA512 | 71bc12c598787dd56d71c0faf9493865478881f3b6b49868428e9dda6dd6514c9300c92cb3ef1d7c1ca04bf2da2d3868d2ee9fbc9891d3b58cfba34a1577a063 |
C:\Users\Admin\AppData\Local\Temp\OQMm.exe
| MD5 | 273b099e1bab10eff55a2dac0879160f |
| SHA1 | b8fac7649b7221865a0e0e6140161fe204d10e2e |
| SHA256 | 4ac176b90ca603884bffb8cea41d945e732d77cbf4460797e15a0382e83c99f2 |
| SHA512 | 3a1e9fe6c3a032c799286826607f6a9b32956c9a61195e12373083468f634b1ea0a7fd3b2008385f9855007635fada5786c100c6ab42674758026f6a3fc0f2ff |
C:\Users\Admin\AppData\Local\Temp\wokI.exe
| MD5 | f70b4be116ea0677e819f703c6d8e83f |
| SHA1 | c5e8861b80e18268eb2192c96046a4db3a596a6e |
| SHA256 | f87246a28cbadd1b1e108cc30441b66ea38fa72a797bc57fac1851ae716356bd |
| SHA512 | 70021e75b8c2e48d9b9017c918c4e70b1f343b21a90ca26542b3ac433a4f53961620df3cf46bb13ca6ee1dd0099d74fb26f35addf0860b3ad2962f9a5665a3b0 |
C:\Users\Admin\AppData\Local\Temp\ucAQ.exe
| MD5 | 7b39db425645a822266f741eed52f4dc |
| SHA1 | c44c63c5824b10fd374f67fe4a842774d00b0211 |
| SHA256 | 99caf0b0546075acc93175f03a7649023457ea1e2fe28f51f5a4eb35f2064729 |
| SHA512 | 9714bb09db6d4601064ed5252b505377d55c3bff54ee384fa97e05b0251958a82c2e136d2209e9c9042a40fefd1a5456ddbd446bb754c39ec7ab5f464d6413a9 |
C:\Users\Admin\AppData\Local\Temp\kooK.exe
| MD5 | 1528a3b7b00817b6138d61d049f3023f |
| SHA1 | aef486cc1114a7eec5757d17715609af1a23c9e9 |
| SHA256 | e24aa84c745cef8cf1b29ecd7b6c9863dbf4070489e2b9841e5e66ad42a5b8ba |
| SHA512 | a789a427cee44b8872b40d0fc7242fb3c68be99caf69025ec9b9c0955e72e6dc7b0c99d5ed1d883ea0c0f90df688dfaf0b5b3e6fc421815430fe27aa16e75a86 |
C:\Users\Admin\AppData\Local\Temp\wMsK.exe
| MD5 | 710a915043dd7fb1320f1c52c5ea4e12 |
| SHA1 | 7172c0e010485c475a91613def3e1655c0ddb7b9 |
| SHA256 | 915e7b723594fb2bf17fbd2c792ed774085ee307b4c1e57cba0cb8720844b7e5 |
| SHA512 | 7b219eb9fe030ab3c55d959ac9e1e745e46c543a673099ec7bd83a93a6a09cc705e1c8af9b65494eddbd547ee8eb03d4b804377c0ef3f17a30728acc2e43fac8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe
| MD5 | 136b03d6f984dbf5df08c2dd5c70a38d |
| SHA1 | c168caed94a775c74b7c487a1bf0726351f46c61 |
| SHA256 | ae448bdf184682e5cf6d1a57fc94b5ebad9ac45e58bedaf956419b475c7642c8 |
| SHA512 | d6f4a7e43cbccb5390da7847214f3639e07b9c2644584fb7ab188e2e2286d38a95707e2a529e478cb8d212ce8a0819270e63919044b205ed3a4455f7debd0393 |
C:\Users\Admin\AppData\Local\Temp\yQAy.exe
| MD5 | 528bcdceae30f0f99d98bfddd81942e1 |
| SHA1 | 2f19beb68e29c5a69a2d649239cb9fbbdd386e1d |
| SHA256 | 9fe38584663a881858be06bbcf566f03acf08339df69f842a666597520860fa9 |
| SHA512 | 6685a983bd88036ebedc40ca5fcc2bbe9c02e0731088fe2af1657a377868af812755331433be23e67479bd8cdd76d857b22e17fb3f3adb8f26112ad232d42d51 |
C:\Users\Admin\AppData\Local\Temp\McEY.exe
| MD5 | fa121116480d1a3db3bf799d4349a489 |
| SHA1 | 003185b6f14f3485b668478cd8b8ff2f436c2a1a |
| SHA256 | 7850d7d9534bf47825f7589ccc25dce350a77d09818c00269d6173279f56c37a |
| SHA512 | a786b1f24270c01319f1f584461b999b34962ef5df33ec838ad36c6975559c75ee8016db4fd92cbdbb13d5d0e45e991fe2d053c7b0fee843953958b67df3c63f |
C:\Users\Admin\AppData\Local\Temp\sUss.exe
| MD5 | f5c4f7413b8f83d0ffa6508a0d962203 |
| SHA1 | 52d51f162fe127d605d22e49a3f286233bffe1d2 |
| SHA256 | 485ca8b499685a1a94a139355d902729af6ced600dae5a20ac098d04d466a240 |
| SHA512 | 136d95e66e96d3e4ddb84edc465345d90f75dc638cf01b9cfe1519af5e495e5082affed586f0371ce460ce4d5a2269f7d629db5ff398f3ffc997c9c4d5115719 |
C:\Users\Admin\AppData\Local\Temp\gsAY.exe
| MD5 | a9367e19e91714b5d0c0a346b9a512cd |
| SHA1 | ff981affc223c52e3597d5b6ed15cca219009f67 |
| SHA256 | 36bdcc520974ef5b906b8d0037077fd2c0b08cc7e8eb7dc520d50e136eb44e2a |
| SHA512 | fac9376307aca79fe3931b7f81232962fc4787e3720528f5ebca820acbcb1c39a03d0965a261d57393d25bf06e7a99ea717ce1d7f1e7af9859ab578dcc0094d7 |
C:\Users\Admin\AppData\Local\Temp\ywgO.exe
| MD5 | f37d0c59278f664d27473f81ab73ba6d |
| SHA1 | b917990e9a196b3148f737a82489f53b28116304 |
| SHA256 | 90acb42242a261690ae60a9bba8dbee9c850adbccb3e672fb83498d10eb4a848 |
| SHA512 | 5733a8238b255c45fe8ce609ff08dc2b96820698e4e59b930c4117e7fed54a55d7082324eda1eeec39e759738d8610e0a387e1bede3f9f62b8597527ac5b701a |
C:\Users\Admin\AppData\Local\Temp\eQQS.exe
| MD5 | 16838c12a15b65aeef6e177acc3d560f |
| SHA1 | a78438daedf6ef777c75aa72ad7f268b338e0441 |
| SHA256 | 51f8b8364b383521d20acc1b1b7419df07a57756ffbe60600965941a1cff7a17 |
| SHA512 | 1d9f3decfb10919b506018a50b5fad909b7593631fb67ebb50e6b2ecdf2004ce5374559ceb13dd7c110654d51692224d71925b2b79164375b2037d292f26d1bd |
C:\Users\Admin\AppData\Local\Temp\Aokm.exe
| MD5 | 09169decb38e7e59d8e9aba58e8cde13 |
| SHA1 | 31d49bc2b4b79c96711b2191fac11054c41867d4 |
| SHA256 | 04a38dabed51e6b594e33d9b83922134ed675c500994be23e407bd6b5331e778 |
| SHA512 | 1db533398da02d2de2cd654366e5abbc6fa93b36e6dcb5b8c8cb9fd6cffc10e7159f0dd2c8fe48bcd7d59262ecb409cfb50a8ab9b6dad63ab0e8ae88fb841cb3 |
C:\Users\Admin\AppData\Local\Temp\QEgw.exe
| MD5 | 289f39267e6c2b2fdfbde5880643d71d |
| SHA1 | d8493849814455b3a85e51bf48dfc1c30b197007 |
| SHA256 | 0bba882fcecdec9abb33812c0e12d541504938d98f62a93e39ff27861d27ea64 |
| SHA512 | 174a711de999c4de9dd3e7db2264997c96fa1dca05bd9fa3a5b26b8f8d0b473714ef880b74b50b7dce02c97bba96eacc56089e6d01ebefb81db9ffac38b1f332 |
C:\Users\Admin\AppData\Local\Temp\QoAC.exe
| MD5 | 2da313fc2f90ec19c60ed525235fb371 |
| SHA1 | 04ca92c381e2dc600bc1817c7cbc7e9a302998e5 |
| SHA256 | ed1d0d97421cb0792a15e697ee484d891fa5721ba191466eb04dc3fa9038db49 |
| SHA512 | 3cca13282fb92dce7f1d76013255861e373f6056030651597bfcefbdef456094a66d7708e809103d4513adb7642c2b4376e1a0de0085e2f404946f0bbb2c39d6 |
C:\Users\Admin\AppData\Local\Temp\IAIm.exe
| MD5 | 133a58122ceb4f7e2be568e875805230 |
| SHA1 | 80d435331fe1c2ad9a96bf7633d5d328b957ee0a |
| SHA256 | 1e03605bb51919bcf4937933d9230996a79e508f5767f64b499a0c9229750c79 |
| SHA512 | 847abdd7aa4209d4fd45ec519281727550e5a515266dc8165218a4090e08dcf27e8fc5a9477485a6ce05ebd13cd1d32b6a57f4a7d8f18cf594c81adfb76ca2d0 |
C:\Users\Admin\AppData\Local\Temp\IIkk.exe
| MD5 | b2e0214d5c67f18e184e6670de91be73 |
| SHA1 | b82a728863625b528fdba1a99a829a49571ea4b6 |
| SHA256 | b5bfcdf6ba1063de8905adc634414adb71d03e5e3e54aef8d42f118386076ac6 |
| SHA512 | c744caaa738ee37f0374391a3b5fbc0aca98d1d66a84a808e30db6326d27451f8fdcea5bcd751fe77eac7049563d0f74e0cd5903d641b29bd21fb4ee60e6047f |
C:\Users\Admin\AppData\Local\Temp\UIUI.exe
| MD5 | 602a02cb52f61b5e6e443c6d0b1546e8 |
| SHA1 | ddc8fde872f64f1fbf9b6ad2fc8ab8e73dbf9dce |
| SHA256 | 4a646122edeceb2991ca55129af6f4591598b2b7625fb6063930b463cbb7fe7d |
| SHA512 | 3a35bafe924b781dfd962e0cc89e511d259bcb3cf2d6e1e4c9ba2bfe20175c705647624cc3a45b4456ad8bb46c44c835d771a671b14ed39d471fbc6dcde57b60 |
C:\Users\Admin\AppData\Local\Temp\qYkm.exe
| MD5 | ecce57053c3ed0ff2a78d6dc11c5c222 |
| SHA1 | e47c5c19b79dcac3f201d964e7fdec07ee98be14 |
| SHA256 | bb50a6fc5945965b1b1044bbe8424caac9f85bc799d7dcbdcab5721b0a44a1cc |
| SHA512 | 717356b8600b8c90b5b931543d0a84653bd0a2fb096b2335c2ab7bb35ae05bb93063c163e8e627f6835cc70430f7275d05d6404825b425338e8f8294fce186dd |
C:\Users\Admin\AppData\Local\Temp\CwAo.exe
| MD5 | e17833d5eb55493e8ed9fedeb806be2c |
| SHA1 | cb15d6dfaa11b23a81b3519e5f9b0ec722d3933b |
| SHA256 | 1ac00b7ef1c90c815d61e84d2a631282495d7e388c55725e322207a8018290a2 |
| SHA512 | 60cb6b166034e30fd399ab41f4331824fb222b1da8ed6a56e75b5b38e0fae224782a8fd483339b67d87f44b3b6f5c6c1e5029e61a176ace10214315bea97e3b4 |
C:\Users\Admin\AppData\Local\Temp\wcAK.exe
| MD5 | f439137d3c21de44a0b147d9cc885f2b |
| SHA1 | de8aeda7d03cf170c8585984c1b678d17c23b8df |
| SHA256 | 4481be86ad29c7c7ddeeaac3e89dd24cf015b2a2b0e19db102ff6306563deda4 |
| SHA512 | 2bc9968cf8d32e8463f079ed36261dd61ddc125daa7e838e9bb9aed2e897f719fb0993002abb30b0c15bd79f481cc4dfcb635fed869a869ca562c535a07c7083 |
C:\Users\Admin\AppData\Local\Temp\ykwE.exe
| MD5 | 2393cb79460dd07d4fa16a606eb6d048 |
| SHA1 | 350ae650775c92cee22e2047990062f313fc6b4d |
| SHA256 | 5e0b9c09a3a37fa87dab0797f67296164c2e878227a46c93ddce5ca4e029d26c |
| SHA512 | e37df0e3a8c0bd7383a229728c7011590f45c9d41d4866c0599187a43484158f2ac5b391507a86d785b84603dd8a71f20bb5e5b96e28762d89eb86e49fb1be6d |
C:\Users\Admin\AppData\Local\Temp\CMwc.exe
| MD5 | 1c7721504f3b5fcf743529d44144ae9c |
| SHA1 | d7cff990ba8ecc6869cda5ffc640cfe0022d9ece |
| SHA256 | 8470b5eb8d5a52e15f113855baa8c57956639896872a26c13435837fb276b64e |
| SHA512 | ffca612c5007cd33ddf50e06e2046970157f6eead34abc2296855b9c28793d6d1377e33cfb3f8bb85ace1fb53f883207e6e9288d2180db3d519fd3aa79dd241f |
C:\Users\Admin\AppData\Local\Temp\sgYY.exe
| MD5 | b738ca0655f9584ed4e9321c274de3ce |
| SHA1 | c9d40c05440821c40a3a7105df15f67b090be0a1 |
| SHA256 | e800fd7efea3fb4b1d2b5e546f8aad1a696e76f4ee0b648a3cd3f93610715cbd |
| SHA512 | 668b73f7e436c9c83e7d5ffaf626fb17f0b7987b5f4b315d4f5d51d92c663e434c90166ae8c9bce1cf9b4089d0fd6bf70111e5f901b69130ed44c1817573fb3f |
C:\Users\Admin\AppData\Local\Temp\eMEm.exe
| MD5 | ab8408eb135ad28561b620d3ccb270dd |
| SHA1 | 8eba2e29e38134e129315df5dee2832c7ce092d8 |
| SHA256 | 5867bad29a8dc4cf4eada92180748e88955cd70f0f4524227429110ed9f277ca |
| SHA512 | 052e726e82b4f0b544bd64fa8071da7dcb44c1f150d29e20df3dec36b9d7c3b411093c8aec8a2a2383e2af5ef48e104067312f9a27082a49ed94d1a0348d9b56 |
C:\Users\Admin\AppData\Local\Temp\wsUw.exe
| MD5 | 8ff069946a77e6e4eb39489f92267745 |
| SHA1 | df3c33c94c7c4b0046d2c67017a3d0d24fa6e274 |
| SHA256 | e82015f01df46d97de044d87a015c6a1da784a78e63f79ad926893bc43a909b0 |
| SHA512 | c4029a825939ea8599cfc71730755044ced71e2d839a6bb4479a91223aea6fc784320dc5db03631e9d5602bc4237b5eaf3be2a971d0822be6b7787a4cad798ab |
C:\Users\Admin\AppData\Local\Temp\iQkS.exe
| MD5 | bc3177c8c8f214d7b1a64255ce2bd2b3 |
| SHA1 | d30f5fb2f0bacdca51e66136e4c4537f85d9acde |
| SHA256 | 2e5e1d26919f84f38547abf1e98d7bcbfe1b07a4fda50f57bab90cc321c6513b |
| SHA512 | 8a325caa5d449b1b599c8c9535269bc179209c927232d1e66b1f002695543f623ea8ba2aeb1c6b1a75d472758ff6e6dbe06cd5d4f2325ca578639cba119e50fe |
C:\Users\Admin\AppData\Local\Temp\mkgk.exe
| MD5 | 8022dd5924d7726b19dc4cb34de4ef84 |
| SHA1 | 56c49c880c619d0d05c5e2eb1cb054c833be523c |
| SHA256 | 70f1a59ddb914740b54a704e071a51a19e5977168564892d818a9c4d6bf0a3c6 |
| SHA512 | 7a83ce07ab276c93cd873547ec923e536f6f03658e663625db534f693d77b5588f67a80ca33c44094f4e328ffa44d945a3c3cd0af36c551e610d1a4c83bbd2b4 |
C:\Users\Admin\AppData\Local\Temp\YwUu.exe
| MD5 | c7c71f7462c254b5b21889555336b09c |
| SHA1 | 8a7a54bea4d915214d86dfc89e168fbb8d0ff31c |
| SHA256 | e56ddab00ea8f68067e43c3b6f03c4111b639ad091c309131db9a6e9510a3acc |
| SHA512 | 1237a3f2d16325ca70a659f47b46d05f1aca5a6d5be473e72334d97f2f635f25ee7ab848c5419694907bc681395316b001974f99ff1b3348575f73400ec6171f |
C:\Users\Admin\AppData\Local\Temp\Sokc.exe
| MD5 | 992798b86fa52d141c4feaf73f1773f8 |
| SHA1 | c3ac6c0b3062030687e9535da58023f2494bed95 |
| SHA256 | 33a0da35b17fdd5575a6df930576548bde4ba4d0278a916d513fc3d1a598b25c |
| SHA512 | 18140e22271334ecdea053b47cd174e15538b39a33f482c931d21ffecc9d6381d8f85414baf92068fb8161159c642a0642fd22c3defcc0c4973ec8c9f1e8e119 |
C:\Users\Admin\AppData\Local\Temp\eAco.exe
| MD5 | c6615cfa0615d580248ff59568121460 |
| SHA1 | 1352c1683c7f847c5432506a8d8240f260a2ec0d |
| SHA256 | 60f3ffc9fb99916bc5b13c6777e9b4b0d9efeca04dc4d4fbd25c7fec15baa5d5 |
| SHA512 | d0710402ba649e573ad574a99d00c3df54ff2b28562253ce598c86a55eddc788b171aaa13c470beca9f6e7063a6f7a8a80491dc3a7c73791d60d94484e9edc11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\128.png.exe
| MD5 | 9b43ec770e8c75b7f1a1c0d16e274bb3 |
| SHA1 | a2e338919aec42d563c42d8c656457b28cc8470b |
| SHA256 | c69f116a5e4c81b627bacce2ce778237b3ba3ca4f8647b20c1b036df39d5cac8 |
| SHA512 | c186b0df349b01e557a676b9bc734601dc3f831d694865d413ad4a6d4d2c1644f6a303134f8e30fc065d2de9edfcd20b2838b082a822dd2690126cb3aa69eec1 |
C:\Users\Admin\AppData\Local\Temp\oAIS.exe
| MD5 | d596280b48989db82653b2371bbaf4f8 |
| SHA1 | 57aebf43ddf3c53c4d3e7bfd45d7f955b3d10326 |
| SHA256 | 850fa75ddc19d91f07e7d399ca0968b8cd6cc7ca2ee5e3a5d008bb3a8dacd0d6 |
| SHA512 | 911e0f5f3f3bbf58d2491eb415d430a48e22b090c827d76fdb27c4f9a361481fb110f557089033130da31627ccdee1f5477bde4677fab68da85d2fbf214b6e9a |
C:\Users\Admin\AppData\Local\Temp\gscQ.exe
| MD5 | 53ed10f73945bd7350f2674e821570ee |
| SHA1 | 04585e57d644e6350f6d981dc48eeea3fba44927 |
| SHA256 | d2ccc1dfc6fc0aae6748bec727b40684bced9393992fd9276c1df76aeec008ec |
| SHA512 | 895ea22e46a46a8181410248ac6642aa0dcca825cd8754c355e069958317a8aac8cb854359b0e67924d334d235cd8c0ae379a0ba1faed66396129c50cf0f6a2c |
C:\Users\Admin\AppData\Local\Temp\SkEe.exe
| MD5 | 60e02a36052b9e4de5df9ebd18de0823 |
| SHA1 | 476f5d074bc6993098db2e6d9fe8ff938fb99639 |
| SHA256 | 1027422ceb02fa029c5c877994485163c9e84ab759b8a425cce0f5303a1db345 |
| SHA512 | 440fd3458a237049dc73049e553619c5c905098d6fe176f7da6e1ff512020992bd09c0721d0ac0a2d4ca9052d9a3fe9f27ee4f6c9db7467f1202dfc5531c1212 |
C:\Users\Admin\AppData\Local\Temp\swYa.exe
| MD5 | 6bddb60dc3b522f391a8225a6957142e |
| SHA1 | 36ff0aeebe9fb38c166159194f01c64621cf5afd |
| SHA256 | b16789d0fbb84d48ca2c32546857a4116f9c8868f8a1614294155d37649c8c67 |
| SHA512 | f7ffcd62b1d0a46c76e83649e86625911f722666bc2c998d337bfa79fe830ec98b1b4348b9b229edc972c493670e78b62da80731604de74e8a9212006109bbc0 |
C:\Users\Admin\AppData\Local\Temp\GUcw.exe
| MD5 | 94d011440bce088567fc39f7bb3a6934 |
| SHA1 | ae3a3570d8cf9dae2fb4ef668706244878d5dfcd |
| SHA256 | cd1af3cb25028b1d6ecded958d2fa73c385b106c83ee73b15a831793724c82d5 |
| SHA512 | b656469c8b244b8ecc1f436db4af070a36ce517e776975092ff2aa76920d0669b9adc22f125327bd904e6aa31363cb0046dc8cab28c407e28b5dbb2867a9cc4f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exe
| MD5 | 31df8b4aa81e0da5f89e907eda05874b |
| SHA1 | d69b69e8149891e65bd2f8120ff421d06422e211 |
| SHA256 | d14cc1dedd5875611c4a30ad1a1d0c7371975475a8caf5cafa621d7610ddb73e |
| SHA512 | 4ff7cbce065b0a9e2ddc6e2ff7d7042ba89c22eaa9c938d1e617f5dbca64985f9a3a69f141ae2bf73c0051b64d2467f7a2017e2d8f5602a106a3211b8e134eb6 |
C:\Users\Admin\AppData\Local\Temp\cowq.exe
| MD5 | d2d883d7a76c96fbf7e92f7bd8ceca0f |
| SHA1 | db3809f2c3219b4f3651168f257fcf809992d635 |
| SHA256 | 7ea1e4f9c3ea13bb36f4170b0ca12baebaab7043f1d7cf46bb188e225e6bc561 |
| SHA512 | f4f913cee8183b9fac64f24a37b6cda27de8397cec6f377fb61aa20536dc35ba5e2ce15bb7f8ebb8ebdb6912216ad0d42a4dbaf7c75e9916d7a7671de9005f01 |
C:\Users\Admin\AppData\Local\Temp\Ygsm.exe
| MD5 | ca9f81853fea7f12987fd05479b7cbf8 |
| SHA1 | 9dc1d16da41a8d66f9a568606514f65fd01f2565 |
| SHA256 | 51aac1e3e63a55f8f061ea02761458201a97e7e2ad62cfda342000ac5f73ed84 |
| SHA512 | 7cbf5636bfa8d52c89afc100df22d8594adb5a63096d2b7bb56b77a108653b44c23e67931eef960d35d9cbae3083ae2bef9b5948629dc104aa38afbfb726894b |
C:\Users\Admin\AppData\Local\Temp\WYYS.exe
| MD5 | 3691e39671b1c3adfe0aca8a853e6b7d |
| SHA1 | 7fdfb836464ccf4336bc23404445ccbea986c78e |
| SHA256 | 99d7ca8ad8c0d8e2b885291789ff90ae5e5ed299bca3be7206dd25647b69271c |
| SHA512 | cb3be8eb14b5da3275fc31c90c86461fe88743bb0e00d13b447b70ad43bc36db5ae2fbb9cf4478680d67b973baa88da5aff70340d1a57f98df1dea7d1d106b34 |
C:\Users\Admin\AppData\Local\Temp\WosA.exe
| MD5 | 6b0c82cb129f8ecf34789af9ec5b7081 |
| SHA1 | 49adab735b8be347afc03b15070d3d98fa67d16f |
| SHA256 | 4d927a144664e802eb645ac6bd304be299da72408838b7d8be20837d1cd74468 |
| SHA512 | cb51fa0168ab6afd135fcef24eee4eca6be0c14b6470b7fe5ad25c04f1c65377435bfb3dfb19cbce7500e9b03a91c342df338091c2085e2be5e0d57fbb10cac7 |
C:\Users\Admin\AppData\Local\Temp\AsYM.exe
| MD5 | ce1263a4b1e5a5caf9190b4965660019 |
| SHA1 | 7138516d4793e93995a324a75ec766887db97c28 |
| SHA256 | 5576e7424b54f62e3a22f149e0b1ab1fec3f1519906109f6989cc82bc6f99c63 |
| SHA512 | f7383c4674fcba02232e24c6623be4b2f00a4ec56a09e569a9ab501fa1f3733dd0425566061a8a4b235e8a89844eadeaa10115973db99a5cfda9d48c11fa0d6b |
C:\Users\Admin\AppData\Local\Temp\OYAU.exe
| MD5 | ceac83641bbf3f805504fe268d071426 |
| SHA1 | 53f9d7f5faf52143d7bdfdf22cc3a4533cac04ba |
| SHA256 | d40c268f90fcfaa9b57f501f10a26c935b5a97cd865071ea00f3532f411a6a8c |
| SHA512 | f96cf29e2610d210622cf481a5478828b62c434c936dce29eb8cc81d34ebe7a24e47a020df74e39864718c94aec238d17e1770e358e85f3fe4247a72f6c0c52d |
C:\Users\Admin\AppData\Local\Temp\ugcY.exe
| MD5 | c9b2ed239e380d2e6cc044c7e71790a7 |
| SHA1 | f33bf197826c061904c726914cf8d1a5d2946409 |
| SHA256 | 76ad6e65ef8256e90c095af2f33d23fc3d6ef549335280acbaf40a35fa8fa3e1 |
| SHA512 | 6c3bd1bbb43665d2516a47723d7b59507cede60039f101174027ce44a7223e292fa4e3370acdace72cff0c0e556f29758ff5043c76a1fb774bbbc5caaa5315bc |
C:\Users\Admin\AppData\Local\Temp\Qcsw.exe
| MD5 | 8eed99f501adbd2feff300dd695fca7a |
| SHA1 | 390c09fd32ec13f2da9df18e902b93bc3606c02d |
| SHA256 | 5fe4fd316818535ad8271aa36bf7c3f1b07dc6c1b411f0e94954e6a4a4324d55 |
| SHA512 | 4229294a7a0b896fccd064513f6253ace0cb27f12144a4b727370e9ad75d5e161855a0cd427114c01ff6fe3d224f9e9dc13b6aa67464be728cd88acb4b01e4cf |
C:\Users\Admin\AppData\Local\Temp\skAm.exe
| MD5 | bf7d13489295b74e47231303232e3896 |
| SHA1 | 2396d0038ac646056cd96138da69343e976ee997 |
| SHA256 | 565d9045e5db9b1e3c0643b13321e913e0c52f3ba10ff33e1fce9a97e3a6ff4b |
| SHA512 | 58da8b5c58eef7df6dc8b976ca557bf12edd965ee3d5c8aac6738f0e0f370c43775a3c8339349b390a5ea9958fa59f6a1892f3d1d137abc725f62d8a8db7719f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe
| MD5 | 25f9b98e45813a2745f484b49dfc1ff9 |
| SHA1 | 72a5b82a882a36ca247fc6652ff313665da391a8 |
| SHA256 | 4c1969d4b42442a76cb158e0c9f6a880d85f51d2d8c570a702d3a9bff381645e |
| SHA512 | 56a223bfb5927bc4f5575736c980a0970305f28ec018eaf1c86bf44ed778b097387eb364a53bf8e9aa27e75c599bf445c4dccc456ddbcd0653d56eaf3652f01c |
C:\Users\Admin\AppData\Local\Temp\MAAi.exe
| MD5 | 69a944710128b58480601f9fbdcedb25 |
| SHA1 | 5072d77af0fd12613be92e7c30ff11928e7774c2 |
| SHA256 | ca0ed60e2d1893ed6b36be834c4dd0135f22002308acc56cf6941258cc19ba48 |
| SHA512 | b876758c8c8ec9cf79c2d7430ec9e3169a3dd684138aa1749a189c710d0fa5d9b954e8234f6f3aa6d7fd876d1b61bbd5f268ee2d04cfb4c09ea7f173e058b1ec |
C:\Users\Admin\AppData\Local\Temp\wUUW.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\kEoi.exe
| MD5 | 9a7fb0ad0aa70b310f2b06c8852b2f2a |
| SHA1 | bb612b57a15e944aa18e3614d304af63406ab527 |
| SHA256 | c8694bbf9e0ef06e9c2e46f0038b3d898c29c7df47310442c6e3124f3e56d45d |
| SHA512 | a9596b32c734265584b3aa6ab6afb07eedbaa84a02a3d3ccace665907dc106230630ae614155934397a7d497b2ef8838d54ee0f69635616a29e9c2b2f415953e |
C:\Users\Admin\AppData\Local\Temp\wkYY.exe
| MD5 | e901153e81d1d15a38f151fe48626fd7 |
| SHA1 | 3fcaa4ef0e858a1ce67222f23db7a24796e603ec |
| SHA256 | 63ec5f086eb594b8db2e1e7b939b777c4e8377e7724e338c3b47181ba090f5f4 |
| SHA512 | 96be75d9de29f519a3bb245cc87afc6e7bd586a207c6ca91ae7c0af0c145ed4d3d2a4fa251ba062a1e9c44678a20826faf1b74fdc2c7f149e9cb3060f8e96484 |
C:\Users\Admin\AppData\Local\Temp\sEgW.exe
| MD5 | 3ce7119bbcc57a5058b58e96b4399500 |
| SHA1 | 18ec78e76e8c713853788b5bb14309225c4c334a |
| SHA256 | f208e6590f65dec26993dedc6e6f1737c2b8d94fd9e5ba09baf9d2364554f72d |
| SHA512 | 4c23431536e25425205e7da913abfc76fea394e75d0a1ba4cce4ba2b3903cf8a061dd52593395fc50392df3452b2f89992b39e32b2aad22113b3c0f214e12b1b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | e81378636c7aa46402ae1b4558fe40ea |
| SHA1 | eda2d7c5c7dd053551f6a150aba7af04bb65b150 |
| SHA256 | e87f01fd825a7548a3fe082a0d304b6e1e5deb30a0ba1f6bc702aaaf9e196b0e |
| SHA512 | 719a328e6f40975e2a4e944361865b824711a5a7a8e70eccc48248093fb99f3a2c3e19b2954a08a5c374fb82d747dadbac90e54285ff67f9c0f70a9e226ec0a0 |
C:\Users\Admin\AppData\Local\Temp\YoAO.exe
| MD5 | 2c22dadb79836bfa204901fdef448fcf |
| SHA1 | b11d450a71282848f555a7995cb79634bd697c0d |
| SHA256 | 76cb17871b4427dbf4140c924ec2853cb89075493fa37dc4579ee494ab03f28d |
| SHA512 | 0fb5ff205a65ad60fb57591050f11d7692f73b3a5b582b6532013364ec9e3fff4aa05991538592c3ff5aa77ae64663bafa60b402d00e9917d90602a3016840ca |
C:\Users\Admin\AppData\Local\Temp\Wkca.exe
| MD5 | aed1be3c6dd080e3e340e86859405275 |
| SHA1 | df50a60658b9c32f0b930758a99f90ac4b296fe1 |
| SHA256 | 34b1fb01062147dabbbfc093e2cee189a953fd247be60b20edd9337343d6fd06 |
| SHA512 | 2e7c6cefc9d38dec122c1c3e1d3a8d2a9e05c7ad5492a6cf38ec93101b901b2cdc079116dcb0ca21755a66f30611f81b1bd921c28da9f75690442044db75e8e3 |
C:\Users\Admin\AppData\Local\Temp\AEIs.exe
| MD5 | cbfcdef39d02cf2aaa1f2699d9ac7323 |
| SHA1 | 76ba7041f87e4b0b262ccc26fb493ac77b62be06 |
| SHA256 | aeb7a6a681fb7722c26ec74298157a4f83294fa52f0d83b56b94d129aed0d642 |
| SHA512 | 669478e4ac60b36195a7838f5234b59aba326334aa7749fd8bf5bb8c93328965d08969e8666123196c4491d4852e88d6f93e12bcc7782f740cbec3407466fe6b |
C:\Users\Admin\AppData\Local\Temp\CMIW.exe
| MD5 | f38724c32a2f551eb9e2e9ca7c3e2a8f |
| SHA1 | 87256407aef35ae84f9202d166ea82567dd426a4 |
| SHA256 | 2fa07ace43661ff66aaa2f7e418314ff066a1527a3d5b2150f73ba15c90c9ce3 |
| SHA512 | dc11e45b462bbd618869a9fd3211004ec96a83e8eaabe937e5d9f663fd9d0613b0033c40e10e76446d29f366a0f1ae9088a29805b416bc7a52ca38d4c57415e6 |
C:\Users\Admin\AppData\Local\Temp\ooEk.exe
| MD5 | 22f9ee84fc63e52bebd1dac4f8df748b |
| SHA1 | efa1cf826a9849905bfbfb159c926d1adbedfaf8 |
| SHA256 | b6457ad4fbb5018fff7fdc04f6885670bd759fce42930df526a4eb8b356dce66 |
| SHA512 | a7da705df9c8b8c0265cd0929ce927d4e75bae77698c324b573776a5142ad328aa31687fccb2dc66ee84afb565b810c3cb675bae1297db0ffb65e3d901babca2 |
C:\Users\Admin\AppData\Local\Temp\oIwc.exe
| MD5 | 041619356cc9cf9c5c820e2c096242f0 |
| SHA1 | 79b215dba6b9d1d1e561dc5b094ac6b30033f7a9 |
| SHA256 | 720511d1bf02ccbbda7be5f0cca18dd319c6f296962830aa39e8d847991385a1 |
| SHA512 | 4a35adf20b4511ea80cf65109e624511f5f2193ab13961ac28df35e57ba13cab9443c0526837315b40c02c2cd0a989ec6e7a91f451fdfa4f35d6bdc3842d79d9 |
C:\Users\Admin\AppData\Local\Temp\yEYG.exe
| MD5 | 9f7518030a50ee0b32d26971483d3adf |
| SHA1 | 7dffca1e5cabc67e879eb4695ac748872ef8e3eb |
| SHA256 | 1a4b46fe979384f61fab7a6006f5ba6b5be6ca9c537be7022e0d6e11ff305b9a |
| SHA512 | 4f352d6fa5666d16dff05d28dd7e6cbde1f963bf904bae1b65c555656811577fb7ad1df47ec047294eaca520a8ccb437315640f281625f8e4102efdde2e224ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | c1f6941b8feedf9ca21ecf470ac08275 |
| SHA1 | 95f703ac4254f467075f495d72248031cab2cfd5 |
| SHA256 | e89cda03b9d2413381e061a30f4c929d5fd43409558f27b9cc240fc32f7ee020 |
| SHA512 | 8a0da43f03589810db4e6928084be7ac78b0890f928794509401ce4059b47973d8d8d407e1240de68d0f67923873ff49f486cb1d73f43c77ba063c8aaebcac24 |
C:\Users\Admin\AppData\Local\Temp\mwAY.exe
| MD5 | 0d7ab6964b998764f0c24162b1245929 |
| SHA1 | 8db39c99cf656f52316e56ae271665a7e3a79974 |
| SHA256 | 81bac2e6945a2e78f1aac0ccd1ec09d6b7f064e41633eab590c9337453d87344 |
| SHA512 | 8e8f50e480677f98b9a6f6cb940c563b6c55e8d1c9b253feac72504ef3c347fcf6dab3dda86239c1237888c69916f9acd04a10ed21c77143d97d4d829f17ec8a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | f34d4de986fb8faaabc6b8b65bff6e59 |
| SHA1 | 85fee1195e56b4940a2220f1018ca97c57789bd9 |
| SHA256 | e1a7a3af5564a762d5569ebf0c33c1034761f6e502d5f73fa8fba2e55f372e97 |
| SHA512 | ed9ca2651821f280c402fb61c59f9a2c37812090325707b5e91c717c35701bff7b6533a4c16579c8a97778cac2dd3110e5b478e2f63a0ad1d452850fd0341012 |
C:\Users\Admin\AppData\Local\Temp\igou.exe
| MD5 | 2e97802d70dc67a5e2437f0811a5ce17 |
| SHA1 | 437c5e10f21844ddc8c883c0594fc5165e677039 |
| SHA256 | 6155aa33d49e649b3315eb91a22bb36182abaff118d5ee910c6598aecccfcf76 |
| SHA512 | e071b1f71c7ccd1bfc0022973f01cf3a2a1f96e96437b02840a603b59c9a6fdfa783bd71cfeeb50631b0615d89a557edf51265fd12493f7f2eb9a006ae2b6a17 |
C:\Users\Admin\AppData\Local\Temp\sggc.exe
| MD5 | d93d29b176e99797e5f8a3911fc974eb |
| SHA1 | 4f70a07d06008b33fdc12ce4ebcb69910ec53074 |
| SHA256 | 4e6af5787eaf9c4e030539464daca04aca5924aac873b802f3961dc2fa5f8bfe |
| SHA512 | a055dd9d1835386ac5666339933eefa2f24d9cc1a1d84f776d439570a14a1c46950206ce269e92fb52db4fb9ed681ef0f61671ada185975076268dbc9649b8c2 |
C:\Users\Admin\AppData\Local\Temp\Gwss.exe
| MD5 | 162817d48b0d847fd850586109733267 |
| SHA1 | c7d328bd3440ffcc56b132c950b044d42584239f |
| SHA256 | 11499d3574200ee7e2bb24de0701f31dd2dda9a2ada0f915d710aa9568227d33 |
| SHA512 | 87de8ac7116a84fea26c20de2c8a5e47660a33c47edd90e0428e8d108fd5eacded1dc4dd4af07d7c20e38bcc53070689269b9067fbd314e67a1d103d930de6de |
C:\Users\Admin\AppData\Roaming\UndoUnprotect.ppt.exe
| MD5 | 06b1c47029bda8a7946f328939ff3759 |
| SHA1 | abea4df5df6d4f12955d24404691392ba294893e |
| SHA256 | a62d5c4a1443b0c554533b4ed09a5f00a2c03231c416dfa6c13a5052d5f23fdf |
| SHA512 | 686118fb551528918cb084ac1bc8fd0662bd229d62d759af02cc2e321dcf3084fddd9c83882d5e58677141da30c595e830f4cb4901f84f9de8946fbb97aff143 |
C:\Users\Admin\AppData\Local\Temp\MIke.exe
| MD5 | 3d6ed8503e744329ca072ec389c2b234 |
| SHA1 | 219b8f5c272b86900e65f44cf13cd6e8c985ee96 |
| SHA256 | 549120f053ca779f00139a454f03bef6ede6f192999d4b1244c2ca48832877c5 |
| SHA512 | cc9e0cc90bca70f2cacc46bbbb349a853e525f6ae128712f938a0da6c3f4213b64446b3937ff048a5359220b3f8609509e35ad57d22f843c8326a34f7cb3bf58 |
C:\Users\Admin\AppData\Local\Temp\ocUU.exe
| MD5 | 76c7f71556bfafdc09a34df4b07c0bfe |
| SHA1 | 26d89aea6ad7f7d53cb8a48f62217cbc0b8057db |
| SHA256 | 5a589ee430351f6a7e221dff7ca1bf2727c8fa025417d4cb87f0b78ef498efe4 |
| SHA512 | 33462b141ef79ba0c76e8013141659840e297818148a660db6fa14d757c318bf9db561b9b6959fd0891af2727e031a56153722ba37b36dc729038f0bf3d62778 |
C:\Users\Admin\AppData\Local\Temp\iQwo.exe
| MD5 | dc9d196d781e3beb9db1555f853d3bb7 |
| SHA1 | 1e5a5831dbe6431680141863423f95b2edfd39c4 |
| SHA256 | 27f0c76dc81c21b8593a3cfc37908a1912e3a1b865e78ecf2447acb9264679c9 |
| SHA512 | 96e3b30d146cb5a3f2b9c98c2a413c1680125af40c4b919f9a01704f8b11117036a8593c6c5e041e8c732b557e2fa32e43587bb41581d20258285271b5e8b8f0 |
C:\Users\Admin\AppData\Local\Temp\IQEy.exe
| MD5 | 45237525889184ae0e4ec2d488c3e908 |
| SHA1 | 30c5944e74cee44eb61bd2f98c9386f4038900b5 |
| SHA256 | 6cedef38fdc431747c68bbc2b7453f0dd07e910256287ae0571c754101de14fd |
| SHA512 | c3973e12aa859bdd31669b4573a8389d538bb2995dc1277879c9f2662594d916e3d4389bad37d31b3a8a2d59aa6949c39fddef05a333c04838d7580b5f3ff0d9 |
C:\Users\Admin\AppData\Local\Temp\ukAI.exe
| MD5 | 741b0cd651c66967b4a2289129b64527 |
| SHA1 | 8f94e173fc6e3bf9012bf67e0cc62eba3059a801 |
| SHA256 | 62900d4112a8313c2d86b280b326c703662c1e38370b5d500c51907211c19278 |
| SHA512 | 2cfdea2f01405810ec2686f161f3b57c497872c28ac1ab2d9392fc2b240880ea8900396f80999e1e184f722365710375416bb851b1b698819338b24602998ef8 |
C:\Users\Admin\AppData\Local\Temp\Cgka.exe
| MD5 | 1165cd21f96e26c2fcb942022ea3f993 |
| SHA1 | 6be076ab5b887713b77e14215b5fcd619640b779 |
| SHA256 | 6bcc742a0b57d9a7d0bdcf70e23cd1d2001f3bb57a08f459ca9f9750f6ef4c8f |
| SHA512 | e5f8c1f41705c88a491697620fc74c8a928ac57440929ed3bf31c3a8ea53bea62c331a3cf840a1af61e16c64758426511e4a771d3ef97c2c747c54a59170788a |
C:\Users\Admin\AppData\Local\Temp\UEsu.exe
| MD5 | 52ee09a414af1f3cb4ab74b5e6a3946a |
| SHA1 | 8d04d148d83af456bb1934ef1ef7fd9aad54e1b1 |
| SHA256 | aabc7d81946fea0fb781cd3a7b317dd91dcdb60996030f19902896b92cd93ae4 |
| SHA512 | a4957477c2a170deaecb1784f1c2ae3449fecd3c24baccdd487ea5cacd74b976c46b47ffa7f5b341b7c17ada76457d4f3936f0305fe45a3ff9236f797218e7e9 |
C:\Users\Admin\AppData\Local\Temp\OwEI.exe
| MD5 | a2b513ad27167791eadb68779084dbbf |
| SHA1 | 7a0ae202e69bbeea3545e60f1f37eab81d1fff70 |
| SHA256 | e3b1fe51c10fe0907abce74530e566ddb3c8c12fb37f95b8ce04d675ddb3731b |
| SHA512 | 13d84d9c3ae9f6969e5406472090439d2c720ade9a5716431ae2ed283308b105ef1985e09df87e34566a4102a483dac21e32fd6698e73292bc66fb4fd89ea680 |
C:\Users\Admin\AppData\Local\Temp\swoC.exe
| MD5 | eec157313c15f0422fa2604fb09b3f7b |
| SHA1 | 53635e291a9a37ee8e67624b2bd8b2710bdb56c2 |
| SHA256 | 4ff9d73af26c710c86b1e47647d0d3dec74d468bcad453ffb53de1b1a408b20c |
| SHA512 | 2532a14dd8238f1e9fb832313be01ca7d2f9e7a226cb4cae0dea9430e5a6d6e2be6f386b3dcc4fd17bbec31a5c82857bc0e605307e58f7c7972b17cd0fa761a0 |
C:\Users\Admin\AppData\Local\Temp\kYME.exe
| MD5 | 534ea02d6fb5401c42cdc57e7b163980 |
| SHA1 | 099e45b4266e407100a476bb55914d7cb1affcc1 |
| SHA256 | a722a5dfce2eb16d0f57b05a9efbfd436b92d0034acc9ab9cd47be9bf7a60cf9 |
| SHA512 | 12414c12de883a9fd72d466f4bbdd5f65801462392aacdc2d57f7e880d62bb9072964da9767d2df9a3eb78f9c6d1dc0c960514da7c50a700c5da5a1020e9cfea |
C:\Users\Admin\AppData\Local\Temp\EEUo.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\OMQc.exe
| MD5 | d399c33de1aa9c82f8d1f3960fdecaac |
| SHA1 | 795ac8ac1eebfea0fd9f6695ef980ad050605d39 |
| SHA256 | 58fd0c0ed8b42d19c09b0111f5998431620759f6920e78bf5e3d5948cc071091 |
| SHA512 | 740f7e45cc02e562788f0c33c00960ff76bcd56c7a38b6c782580de16d4d243879adda392289617ba92f67200148e1e71bdb6ff4f4c295323a4642cc4079ff54 |
C:\Users\Admin\AppData\Local\Temp\SUUm.exe
| MD5 | f6d1c3049bc1df4ea0db8568485c6712 |
| SHA1 | 7788ff94252e0a18bd0d24464b267b774a946880 |
| SHA256 | 6a3f02de00011dba397ced6474497be1de88afab64452c6413d1f77076200b6f |
| SHA512 | c0745e46acf24b2cceb0ab20c734044d5369e76e066b9ae7c14722eb2b2073c529b442ee622ccca0e430a16d70fe66ab2b206a368854fb567ed52df42c7b0947 |
C:\Users\Admin\AppData\Local\Temp\KEcu.exe
| MD5 | 1d52d4ac39ffb88b80857ab75fe5d984 |
| SHA1 | 81163a51f35760cf1f41cf14a817aaa50812b014 |
| SHA256 | c3db0050dc2be62f5e7405d925cc9f18ca5196b8eb7082a6add5a76ee42500df |
| SHA512 | 1ecc3009a3fbb32419b2405876aa71d18e12ceacfc7f2aa1261b6fe1f4b9de44faae2c8e109c122efe178596607bd2d07ad8b557a9773b682d32db711adc54f8 |
C:\Users\Admin\AppData\Local\Temp\WgAe.exe
| MD5 | 71cbca9690e9777fce3f526c3c385554 |
| SHA1 | d852d8b5d9558e1f74acfe721fc3a7db626ff416 |
| SHA256 | d6bc7b19cb04f4d62b0676c2ebb2ddc85a9f030ee5c63647d3b0283322dc0b80 |
| SHA512 | 98abf0324599a19d29a72d78d1c660fe0f96efb35677b497b2829a65949b3b23474216b33ae09b341e1a5cd2ab60d6d8fee01dbaea42be24d779e3e5d3a37165 |
C:\Users\Admin\AppData\Local\Temp\CAoI.exe
| MD5 | c15d40bbbf842f21e4c540005afe0b67 |
| SHA1 | 9f6ded890ccc30685bde805dad63d311d8dbd0a1 |
| SHA256 | 1272f43ee13ed4e52e1254489ac7761550bd74d69178d628d37b7857f658a4e9 |
| SHA512 | fc794e028e5f21d6f7fd5f76e9b2baeca81cf7807fedd291489946eacc025d5ea858dffdb37f807ecf54549ccc1495f128fc078b1fd7fcf5e754dd66b6f8651c |
C:\Users\Admin\AppData\Local\Temp\AIka.exe
| MD5 | 2c0ddeff6120f5ef29a973867345646f |
| SHA1 | f57143a085ee95958f89d71435c22d719aae0ca2 |
| SHA256 | a45ede2ded97932bd7e12510487e80e6c3e03a55f51aa5490eb8c9845ef0f430 |
| SHA512 | 4981274f921bf9b28db6a30a715f38c3123b8608f1c9d5b6eb35e46fca4010bd05ddacbdb2330754959e7eed1dd4ef709ee8f8604c763a0f9ab34dec673e7f95 |
C:\Users\Admin\AppData\Local\Temp\CIYo.exe
| MD5 | 23b1df94e0b484deb9fe01d9c2392d5c |
| SHA1 | a60a3ae4a5df4a21c2fc8d43e6ad53fee089ec68 |
| SHA256 | c82e9640a8a785ba8dbf9505ced22fa8a527ab2947f972f758d16ba1a16f7d51 |
| SHA512 | 505ca00056b66ab24e9a557b8613dc170ba9415f1beba7a0d4e9f2de02daf56e7b57b49915d91bb61c8a439d813d369a8191253451ca87070edb5a284eba18fe |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 30766dd672944f0120638e39d628b8ce |
| SHA1 | a68143ab2796106be09c490fee9ff7a904687fc3 |
| SHA256 | 4adae8370b9e7c8fb406504137a99c65d4936834fbd04ba68de9788e3b7059a4 |
| SHA512 | dfc76317f9056e0f710044987e20fc1cf4e692c6c56ff1d1763b061e5c733e97f174c6e692674611feac448855256d0d13ede1915388b91c00b6fed0a41cbb44 |
C:\Users\Admin\AppData\Local\Temp\MgsG.exe
| MD5 | 4834c6e2bc7494f0869400402288fa62 |
| SHA1 | 0e4c06cad75ceebf78e162392378c6b1c2b514b9 |
| SHA256 | 8b6a390045a89bdbdc4a522d2284898e5aabcd6f078a970e0f5ee5785146d8c6 |
| SHA512 | 8242abefd799c792448c4794f8c6695a8f34b9c845bbc94526df9ed7e343d9a95953b09e087cbb8a58c48de84ab88de99167ccbac960a41eb997f0e7f4a88ffd |
C:\Users\Admin\AppData\Local\Temp\ioMo.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |