Analysis Overview
SHA256
aac18a3c24ff00dea6849b8a5460a176eab64e1c59e292cf7cb5f1fa4215f79a
Threat Level: Known bad
The file 2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
Kinsing
UAC bypass
Renames multiple (80) files with added filename extension
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Deletes itself
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Program crash
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:36
Reported
2024-01-25 17:38
Platform
win7-20231215-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Control Panel\International\Geo\Nation | C:\ProgramData\paMAgwsE\ieYAAsMQ.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\jCUkkQAw\rUUIkMQA.exe | N/A |
| N/A | N/A | C:\ProgramData\paMAgwsE\ieYAAsMQ.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ieYAAsMQ.exe = "C:\\ProgramData\\paMAgwsE\\ieYAAsMQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\rUUIkMQA.exe = "C:\\Users\\Admin\\jCUkkQAw\\rUUIkMQA.exe" | C:\Users\Admin\jCUkkQAw\rUUIkMQA.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ieYAAsMQ.exe = "C:\\ProgramData\\paMAgwsE\\ieYAAsMQ.exe" | C:\ProgramData\paMAgwsE\ieYAAsMQ.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\YyQIYgcc.exe = "C:\\Users\\Admin\\gYAsgMQA\\YyQIYgcc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MyAkcEsY.exe = "C:\\ProgramData\\oUssUokU\\MyAkcEsY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\rUUIkMQA.exe = "C:\\Users\\Admin\\jCUkkQAw\\rUUIkMQA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\oUssUokU\MyAkcEsY.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\gYAsgMQA\YyQIYgcc.exe |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\paMAgwsE\ieYAAsMQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe"
C:\Users\Admin\jCUkkQAw\rUUIkMQA.exe
"C:\Users\Admin\jCUkkQAw\rUUIkMQA.exe"
C:\ProgramData\paMAgwsE\ieYAAsMQ.exe
"C:\ProgramData\paMAgwsE\ieYAAsMQ.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSksQgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XkEQgIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lOEsQAIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WicEEEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zCkUYoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwEwAUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oSwgcYMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DEUosYws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yowwsoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\askQgQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgwsMUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LiIUAIYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\gYAsgMQA\YyQIYgcc.exe
"C:\Users\Admin\gYAsgMQA\YyQIYgcc.exe"
C:\ProgramData\oUssUokU\MyAkcEsY.exe
"C:\ProgramData\oUssUokU\MyAkcEsY.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 36
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 36
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1622013401-1604789312430926808-1057466542-1847100674-955527633581573436-664902483"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "440678800-4767653592445005321843080467-2099834461-13328397871807229282-482738179"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jMAsUEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wosgQoow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NkAcUkww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20322298221975120677-81208961114166372711888260101-1118161619-1226830892-161773561"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EYosYgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-821004663366676814-2106208192-1401329610214717706216515407701257690045-1719862454"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgcMgokQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEsgcsEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5228125411996989603197674451054902753-760896670-13975573271710164512331450697"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YiEMoIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikIwEIks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iMUcMEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1885089342-814866151183420636129144022921186317331187064433639143160-1136947847"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1267181251313298261-26840491014674369531589998661-1333193896-959795480-182528515"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zAsIUsAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19968528485801820941941416239-2018777482-213178048922140348-164913470-1359162306"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1972197125-517454848-14666178298462339211756823966231047688964790831-381354091"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\POUIIIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BAkAckUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "250364338170774778812722742061506565825033080681844854794-955370420871143781"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2476-0-0x0000000000400000-0x0000000000436000-memory.dmp
\Users\Admin\jCUkkQAw\rUUIkMQA.exe
| MD5 | a0c33cc811df28072eeba24c5ca6cf68 |
| SHA1 | e84946f90107b1fb4dc4b22e0de979aa13a316b1 |
| SHA256 | 0f72cf04e9fc45c5e29417a5290571c173805868fd60d3dda1d77172cdbdc73b |
| SHA512 | 472339d4b70361f76c54ea79df2bb2eefb0e89ed3f01a20b0b22e3564000311eb0f992b89ec1f3d72ff271463aacd66493045ca53a12c951e508919a8230cc94 |
memory/2476-5-0x0000000000460000-0x0000000000492000-memory.dmp
memory/848-13-0x0000000000400000-0x0000000000432000-memory.dmp
\ProgramData\paMAgwsE\ieYAAsMQ.exe
| MD5 | 4f01eb12ab0d784a13340557d79581db |
| SHA1 | d08038af85b6a9948bbe3187ad880ff6fcc04377 |
| SHA256 | 6f55944803b25078cce4bb97bf1b97c4866ea86ccdd93e2b954a3afb9bf79895 |
| SHA512 | 9380202bbeaf5ec78d75e85d4ff331391f70034e455db16ec50cb70d21179275f35aac3b4a1c4dc516442d3bcdf9b7fef6f33930701f49352f5fe0877e619779 |
C:\Users\Admin\AppData\Local\Temp\xAwAMMkI.bat
| MD5 | 094f51f7e9b1991511593b1184283135 |
| SHA1 | ce617beadfdfaa679caeba41ee2ccc9fb49397c8 |
| SHA256 | 994e7f821fde7cff2275af2ecdd1073b6da868e0a540d2f37d478a56a3d1b42c |
| SHA512 | f44014018798c9310980b36beb85d2066b832a89db751e087ecf988c6a4059db9c4e2c44ad285c41685de91f045c1fbff80f61f85c8c6535f5eb72ff8628e9ad |
memory/2720-30-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2476-31-0x0000000000460000-0x000000000048E000-memory.dmp
memory/2476-20-0x0000000000460000-0x000000000048E000-memory.dmp
memory/3032-35-0x0000000000510000-0x0000000000546000-memory.dmp
memory/2964-36-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3032-34-0x0000000000510000-0x0000000000546000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tSksQgIA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2476-45-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
| MD5 | 2cfa6796fc3ef55c4c52c89ffee69a01 |
| SHA1 | 27f7ec659a880adc68377806cfed8a19a83d7a19 |
| SHA256 | 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd |
| SHA512 | 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610 |
C:\Users\Admin\AppData\Local\Temp\RIIQQsAA.bat
| MD5 | 05fe7678559c5129fa3683017cdc0266 |
| SHA1 | 7116fe7a41f17c75b6f7a3cb9df8dd9b59c2f25b |
| SHA256 | 58774e2bb2a84ae32ebb43856b4c9aa66f3e8e1a7a1c28fd68c87f046246dbf0 |
| SHA512 | 253318aba5f278a07ab9d776062f64eb10a8f6ebf538f86c2f72d30d9918f3b47774c08a646134679e94e5cdacc7bb10ae36ffef99337b29b7f24ba6ae2422bb |
memory/2340-58-0x0000000001F10000-0x0000000001F46000-memory.dmp
memory/2996-61-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2964-69-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2340-59-0x0000000001F10000-0x0000000001F46000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\pSgcgYYI.bat
| MD5 | 59a991fde1f13a51e6e446a11e1e653e |
| SHA1 | cf769b36612a136048094248f33d28d3b8022a49 |
| SHA256 | a22ed0f46f21ab48af7d3aeb6f51140955c93bd9d7be15fb677237130623d1c9 |
| SHA512 | 7d8a41631e1f5a0b0be224e8fb530782748ea40cd1cd2ed4a4bc91f958d110913998370a960c8ec4f63cae74ec8b0f3ca993d5472ad3e54ce6b209b810a8f768 |
memory/2996-90-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1612-91-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZussgoAY.bat
| MD5 | bc5ffc4737aa8f3782d46c4dc01a6357 |
| SHA1 | b513fff2fa463c342face82c8a7217232209577e |
| SHA256 | d5a0c09959a5f7bd9da98a58cbf6e4c1440250db4f63e81291cc131a4a6ca4ff |
| SHA512 | 27089403e63b93a8855ff7aac8e6377f205e12213d355bc81f10c816deed4221adb5d280a5a930c6c9cace8730f4bd7c426128f8307a327a95d4493763ce6d83 |
memory/2336-104-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2336-105-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2072-107-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1612-116-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jcgkwkII.bat
| MD5 | 2fc27a711428464760c1d423bf692245 |
| SHA1 | b77759590d3fdcd6fc1c926b8eaee3a54f80879a |
| SHA256 | 233e337973e89c63a00905d70347f7a4d14812536100d3b91c001fccb7fee486 |
| SHA512 | 34e5d153516a2c255a6fb41b41125a236b6179f074ef326b21506d466cdf54b44b337b532a89c0295f5dba87161e3a137a2ff7f6588e24aca7ea532bb6913668 |
memory/2072-138-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1360-139-0x0000000000270000-0x00000000002A6000-memory.dmp
memory/1360-140-0x0000000000270000-0x00000000002A6000-memory.dmp
memory/1716-141-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vmMAYkEo.bat
| MD5 | febe1ee2fb7e1f266d3a916497c7759b |
| SHA1 | ef8a2313847b7a5d88b68cd5b94835d0bd52c209 |
| SHA256 | 1548019c4b5c9b42d82f2ef5f052a070189f5b32cc69f4347b1101a6c6c508d9 |
| SHA512 | 6d4cfb79cc38f19c3c777905ba66c0fc67891c3d219f8ec871f835353ea1587ec89d738a39b4ddc50bf721d71fd367c0051d4dfcecfbcb64f2e83049a7e2b305 |
memory/1716-162-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2212-164-0x0000000000120000-0x0000000000156000-memory.dmp
memory/2212-163-0x0000000000120000-0x0000000000156000-memory.dmp
memory/1568-167-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wYQAAoEQ.bat
| MD5 | 3ad035521da58b05304cda4b0b384128 |
| SHA1 | 074813aa355c1957f78695741c593402e0cf013e |
| SHA256 | 43d22e05baf86b808a1af3716c48f3e10c28ee02654265a85279f2a6e9754379 |
| SHA512 | 57ee5a8bb1a2949e14ed5b007ffd64b3360c37e21c7108feb3bcb36c4bece8e9b7973dd533c8ff23f73b5bc578677b6f2a24e788fecf0164885a402c5ce7eb71 |
memory/2988-180-0x0000000000300000-0x0000000000336000-memory.dmp
memory/2660-188-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1568-190-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JioIEMUI.bat
| MD5 | cfee61008c93d00571d709f05aeeea65 |
| SHA1 | 489502ea70c87783e9cb7e9a9822830662239f6b |
| SHA256 | 733624bb1b55b7b16a6feaa6623961ed3d6b33ae5a37c5592426bd492be8cd37 |
| SHA512 | a371b38abb850f010587758536565de51a1319b8ad09da25fe637d85f247cc723d9d882548fb33304e1ed1f8fc1e4f1317c6bd21dc0ba6e5cecdd8307aa8351c |
memory/1924-203-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2876-205-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2660-213-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZCgwIIQM.bat
| MD5 | 60bf700817607f1c8c06419b1fac1823 |
| SHA1 | 8461afd39e2533c16b8d01fe166e8aef09cfa013 |
| SHA256 | b35d3ff73fe7cf7892e873731c4af4b1448b19588fca8a6972468f1c1860e939 |
| SHA512 | 1ae30c939c2c82e3448876a174856d7ce251aa32c5f9d0a2b2d8717a9c4202c113025b98f76ded51ad3888bea32719413358af0a3cb0dc43ad6ffc2bd578fbeb |
memory/2152-226-0x0000000000360000-0x0000000000396000-memory.dmp
memory/320-229-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2876-237-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2152-227-0x0000000000360000-0x0000000000396000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eYUkwgAM.bat
| MD5 | cb7a4e78a8d37929388c318a54e4f4e0 |
| SHA1 | 241245fd23fe468f5466833ee253a2678497cd09 |
| SHA256 | eca7efb437f1d4dd919bd5e1334bb438383d71e3b95cc11ec857bbf10523c73d |
| SHA512 | 523fcb22c6a6755ce539a86d7799a56cd076fc3690e309057201e76e4b69f099e25ee4611082ca32cb33cef6df8c5efccaf9ae86a80df8f3684b46ff74bcb0d4 |
memory/860-250-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1824-252-0x0000000000400000-0x0000000000436000-memory.dmp
memory/320-260-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bEMkQcQU.bat
| MD5 | 249969e6997aa85f178dcaf9b63a3737 |
| SHA1 | 106cced98025dac6009b705603bc0795ac58d1eb |
| SHA256 | 56c4e29a957246c7d23211404f66527c7707a10165f91660529ee69c53f3a109 |
| SHA512 | 8b7d40b97b0eca1c74c3bc90c5573ed5832e480b34cecfe69e05c3ed7775b2928cad330465f2193223e0f4b7ebeecd823f18f683df8789e2e0fd82e6f8ebb486 |
memory/1824-283-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1956-284-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1956-285-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2292-287-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EkYAwYYI.bat
| MD5 | 8370c0055619157ae71ad11a4e53028e |
| SHA1 | 1fd5add63133680dd641da7e6929dd34db64cee7 |
| SHA256 | fd49d1240fc9da80418bcdef0044349c8e3313f010c2761d5fa0761ab3f751ba |
| SHA512 | fd5a4ab38d886a6e719803766734eefb594bb2c892781f4ff33fc8901fb852730be04f4120e4c5d3d151de4cfc17734a705b7e4076a76c5427f0352643f7b632 |
memory/1960-306-0x0000000000120000-0x0000000000156000-memory.dmp
memory/1960-309-0x0000000000120000-0x0000000000156000-memory.dmp
memory/2000-312-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2292-308-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2000-314-0x0000000003DA0000-0x0000000003DD1000-memory.dmp
memory/2000-315-0x0000000003DA0000-0x0000000003DD1000-memory.dmp
memory/2788-316-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2000-317-0x0000000003DA0000-0x0000000003DD1000-memory.dmp
memory/2308-318-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2704-321-0x00000000001E0000-0x0000000000216000-memory.dmp
memory/2052-323-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2000-329-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xKYkAgQs.bat
| MD5 | f02a95f49b90132183ee71af86ab7988 |
| SHA1 | bf5a890f7f392b083eb4a402c46939ddb6366922 |
| SHA256 | f82f2042711c67b823b65e9c71129d333a444a8dd36b928260a4fe3e18979879 |
| SHA512 | 40bc404dd69939bd3f7382b2830c43466bd0213ac1ab4376e64c702e00f569bd0beabab6de4519b934dcc5a6176d0935c7fa38df2dc0c9677d57743b2711deec |
memory/2860-350-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2664-341-0x0000000000300000-0x0000000000336000-memory.dmp
memory/2052-349-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NEoscoQQ.bat
| MD5 | 879eed56adde8858a9b24680aaae093d |
| SHA1 | c10009e219210017d606491c8fed6e7222ae0f67 |
| SHA256 | cbd074fbd8b2217ef944acb82592f7a031c9fde223da73eab49623e769707a06 |
| SHA512 | fce43ecdd51a5d813d3471a7f79a4d381a1aa219ad474a5dae5d8be2e2f11d3bc224ef545299674d60ff2a1923e563640dca88acd8a8ff83d7f87eb7ea140468 |
memory/1740-364-0x00000000001A0000-0x00000000001D6000-memory.dmp
memory/2860-373-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2968-365-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\paMAgwsE\ieYAAsMQ.inf
| MD5 | 778fd9554be2084a91d39f6adda1cd10 |
| SHA1 | ad08b310afa93b855cd60c9449a6b74ca5ede7fa |
| SHA256 | b44444059b40a7dcc10f758a56dae88cf98a82d2e7643f279c7a2ced872b46d1 |
| SHA512 | d219e20f7398bc03ad22723df809550968b41f2b211fc9947c6daec3ede31ca2f05c0c431d956bcd9501e2dd49e61799f598cdde8a16433a63695947d7c4a58d |
C:\Users\Admin\AppData\Local\Temp\MkssYIkk.bat
| MD5 | e69d8a53b656c4c50e3b2a159efd1ea9 |
| SHA1 | f35b1a4878efebc79165e1037f281f753cfb2666 |
| SHA256 | 72c4bdbdd6ad53f00a230fb983ec6075fafa4759e272410723d7938b02dc818f |
| SHA512 | 3604d71abfd2a211c7d2168bd2e8e60aef89e9e77bcac53ceb32484bceeccfea7e7627c2c42588b7bf9a1baf3e620baddd8c35c94118b83d57636c3896d3783c |
C:\Users\Admin\jCUkkQAw\rUUIkMQA.inf
| MD5 | e9ddd264b41f3e5209d4743002c26547 |
| SHA1 | b630c7bb000646b1ee8ab225cf7503d105c4ba1a |
| SHA256 | 97ac7b33f41aae54f7f9c9313318f8caf0f7e1c3f72e93b22929c44a0a534fdc |
| SHA512 | 60592043800cf93d5ac78ea30372a483dfa691a25783451f97b95c9a3680ec80887504cc4917c3866ee1897e78042c3db348e1a970d455804b70dff5423cf21d |
memory/984-390-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DIgEEkkw.bat
| MD5 | a6d8f0b8542cca532f602be7a5b65a78 |
| SHA1 | 2e40e7b6959806ec8041abdd78333fa91839641d |
| SHA256 | e38fa98776cd9cbf0c1e5893cd974d83cbd33d18cc53de13f44d2dd00a7f6b91 |
| SHA512 | a6b5d6e4e35567a6c1df33588a7b52a4d2d2c11d76fc53dd887c50972b278bd452c4659ab5ab909e23c2665a7e6ae9447def7454c90e6447cdfeffd4f9c916ce |
C:\Users\Admin\AppData\Local\Temp\JucogQwg.bat
| MD5 | f853493937f2298326d29916345b45c1 |
| SHA1 | 9576f14945e347e75115750e1ae634a8a9d9e25c |
| SHA256 | 1e178a8770f5d95c3bbc63a19c6e9840b81ea8ad6376bd2a6933fca1f33def13 |
| SHA512 | f90bc59348aaf18c3b36994fae6a8d95fe822d4df768fdb14d472df724187f532e34b93433d97e2a4f5fa8b62fee740a4c54c853c4e16862daff5532c832cb10 |
C:\Users\Admin\AppData\Local\Temp\quEwwMwI.bat
| MD5 | 8439e09b3e0f142dd0da532dc90354d1 |
| SHA1 | 4c453ebd711257ba94f2780bf58065c452d6bbb3 |
| SHA256 | 1ebc1ebb08521a6aa345694d577fd901b9771d1b75419e39aa1f66fb7d8970f0 |
| SHA512 | 8d3dc2ac1f248ad892cddaf310217fee916500fd4cf32b6d34758b056d19c3109e4cf4e168acb8b1dacc8122ebcc0e1abd8b0c247defb1ba54a4050176cb43b7 |
C:\Users\Admin\jCUkkQAw\rUUIkMQA.inf
| MD5 | 77510a5d33886e705291ad6476b66777 |
| SHA1 | 2bae7b4287066033bb949b402d72055b8971ceca |
| SHA256 | b3ac516b34a9cb3e5159cba9b87e8d8d7495a9ec1ae41dc83eaf6963c6231930 |
| SHA512 | dd04f37d1fb96c75fc995f1956111e33d9434d576e2e383a02b16bc55f9084ea48b0f7d19b990c5d0ee64bcce7cab07e48b24a5f89c766a550e5b884ff550da8 |
C:\Users\Admin\AppData\Local\Temp\XKEAMAkQ.bat
| MD5 | f4c05e485a78e5634dae3a1732ccc3b4 |
| SHA1 | 5f1740ae0012200cfc26e696d0cb9cb16b2fc863 |
| SHA256 | 90e77e2469713f27c978d5d6134aaf6b45adb5d430105c4e0e7a8073e03ff4e2 |
| SHA512 | 92fe3540992719c9d7274e4c3ea08cd83d6cce4cf839754c8789ae2d9c1820bdc94d8c80e921d1bb3248df380e634555da13e7a7fc582ed933fb2e4c3d822f31 |
C:\Users\Admin\AppData\Local\Temp\RgcAowQk.bat
| MD5 | cd5b0d8256e5129f5275bedcdd348189 |
| SHA1 | c533b5f8acf93e74ff35826d56efe13b13f58acb |
| SHA256 | 0ae082417a5c421610f1db9e2df4b7886793d8ec4dc226892d36ae1109dd253a |
| SHA512 | ef655dc5d7399191a8cf5ee3e4d02992e2484a077c679a2554120874d16da23cb79f384bdd8f6f0a8ce54a94f0f686f9c916bda45344152841cd52e127646634 |
C:\Users\Admin\AppData\Local\Temp\uKUsYQkk.bat
| MD5 | e3e7693b19a7e3d891115bfe4401d8cb |
| SHA1 | cb7b20a73def9e961f23cd96aca75def284f222c |
| SHA256 | 2859ce862520c0824b5ab7f802cab4edff22398b2095a74af13093fe4b8343fc |
| SHA512 | e6c04ee4666b60faa8ec2c5efabcde14595f1c759534b02757f3f4bad28fd444013a7d370f820e66a00b9f802866569487ccc9a0462f3c34a55fff048d57d10a |
C:\Users\Admin\AppData\Local\Temp\JeEsUEgc.bat
| MD5 | 540057535c98e9465e0ea3e84ba94dbc |
| SHA1 | 07c4d0de8b2bda42684f058687b58dd3b9664d38 |
| SHA256 | 18aa8a6ebf21d56656b98dd0a5666c549d4cd239e769de7680e0137180e3136f |
| SHA512 | 11193508bfcbd83cacd4bd82ee3873735872782d93202ea2180e2e16ac3c3a848d7847bca81cef0c3c10f646516c86382f23cc69faf937eb2d6f6140e32c1b06 |
C:\Users\Admin\AppData\Local\Temp\uuIcokgg.bat
| MD5 | 5d54508407c8725fdbd29514c4614af2 |
| SHA1 | 519c7c6435c017859a00880adc6d826a7964c6ea |
| SHA256 | 06418c5270369b78dad96a3c54d6d51b2b8c5f37f7f9e4998b536b6549059ed9 |
| SHA512 | acfcdb56785a5d41840709b0ee755ea8eb9fd995e65f36640e9e6e147e34aa8a831a51cf95faf7e4a43a5c333c518e5c479cf7d42ebe0e6784487da1d12047c2 |
C:\Users\Admin\AppData\Local\Temp\pEAg.exe
| MD5 | 43927c9fdae07f13cde58f77654227f6 |
| SHA1 | d31b08be8dfa4a0ab54d7c969c2e5cee26604a0e |
| SHA256 | d3a4a6e50c89b3fa4e8314edc96c94cf099e91e73f1ecd124eeacceb3bd3bd13 |
| SHA512 | 8a9d838201985600d5d06be126aae6f0c4b7434ae5f8028ae8bcb3bff8034cf6cd1aa8a2b32b080d022950b54ddddfb53185bc13eb89bce4801d3af040ce55fe |
C:\Users\Admin\AppData\Local\Temp\sgAc.exe
| MD5 | 457483af72ef8324678c2b023c844744 |
| SHA1 | 8f621a446bee58e0ff8614f5b08fc9c60ba5ed2c |
| SHA256 | 2e6b7a0c53b2f04a164908f64235730cf77d63e6a97267ae5368206c5ff9f8a2 |
| SHA512 | 5a2d358c193cc1b4a09af024238db50ca636232dab691c5e79173cdb3e7a6877dbc437fb257d705121105a848224b4c4e659313485615b249072334637a50b91 |
C:\Users\Admin\AppData\Local\Temp\IIIG.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | bf1d8df12bd8ad9c788034f196d9719b |
| SHA1 | d81ef7966c118a5bb848c5dfa9891c5acb31749d |
| SHA256 | d8fc194bb8e4a4d61bf0571604205437f59d3e2af2ae9394baddd115ec2f6b5c |
| SHA512 | 80adab46aad4aa6a38c09bb40e0ba2cc43fd32e7a27576c6dba6e1bdbdd560f8b1d58a965b55dda9f625613934c3c38ec9e2d0a0df0ddea05cd55fae7e0d005b |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 1ba63cb8533dc69683063f353c2db9bd |
| SHA1 | e8fae6bd5ca5e1d3345f21f13f51ca86a3fe667e |
| SHA256 | 7fe39dee3b7f270afb39d316cdadf0a857ce62a15e4663330b1292f65d06d9b3 |
| SHA512 | 80b2154ed268dde917f200dd1f56be6ce10deec1ee19923db693489a7d4522d0264ccebba9c68a56a358eb907670156f6e6b2b1b2123c695972568543cf81198 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 83ca9f6f1eac8b4f8e4584977bce980a |
| SHA1 | 5a33d8c6d347c02cde88cfd5ded1d93a4b291582 |
| SHA256 | d1dd1aabe5071226116491dab13419706d1d4557d9c813ffec8b54c961eb5243 |
| SHA512 | 95b638b3a689ff639f31c0d1510c0dbd35dd54a808cc13b353f6cad551006e077f7736548a06407fbd596ff959d003aec0807eac6aebed930b2d1e2b410d19e7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | 114127bade5d1ebd2a9e4ddb25431a79 |
| SHA1 | de30fb0b347e5f8490791ba417a2e250d9fae1c0 |
| SHA256 | 7344f436d0f2ae28f1eec0479123eb341d9eac21d1cc6fff84eacf4de032fcf3 |
| SHA512 | 867009c14a5a13ca4223d55a6418dc14b0e084fe380bb18fe7264639193a9ea5dedb890e00b020ea36b2af262eb51eed093f81f78340258149efc83c4dab68c6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | a4cd59d4a66f54be604812e1a7a9491d |
| SHA1 | 7d09e6a6f67899f1d86f7a98b4d99eab0fb2308e |
| SHA256 | b8dd22b42aebb439224608b698ccea129205225d6c7018b0b903d005daa774bb |
| SHA512 | 7e7b640e14a4a348adbc821c61e5a537f09d804d1a19035f741e056d0ee956af1b9d57276e263139fcb5d98178f26f02218dc07e186f1bd960ebb55defa223f0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | a9660386f417b0773ab63a8ebecf6c02 |
| SHA1 | 01fea8cee0f30e94b784c5a822953b3975f0a49d |
| SHA256 | 2a856e83c5f27ad7d8c0b0ab962f09ba3f6d37cbd383b835072e8fea18fd54d9 |
| SHA512 | 6067b9625d3db8383c4077a3a5858d5d07d475793536e93306ad9c1291c5a42d697f7ce19b951bd3aea94ee2644556e25c7d485b407061d74beab27d72532de3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | ff61b178a174349215e575955134e853 |
| SHA1 | 91c278ce2f24315b79337e3e10afbf0fae8492da |
| SHA256 | 886872b401bd2085d6d5db0f1d00a30647da073c511c6be1ba92a31515851f7a |
| SHA512 | c331ed706cbd46aa4e4b03e4aa4fd0a7467b65f3e2870beda489ba7af9735657d5cbca7d8c2377f7a63de4e2d4eb2d1f3e1e11bcbc269228a8daafa50fb2899f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | 4c4dc478665e44f86b5a8468d14d2cc2 |
| SHA1 | 1fc0ef7e39d33aab2d171ddf6eabb156dd94ab7e |
| SHA256 | 10a023fe21fd2bd43fa855448c29f3b21d11137340170e6882ea9eb1e87d7b7e |
| SHA512 | dfb2a1f20ecb255d8612753766e9edf6fc0592d6256059bf7ac46cae39c1eb5d35c668019caa26d38df1780c985bef431b8bca2ddb5fcb9b2bc9ec12300ecfb9 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | b7ff30104e4dfa1578762c566a6d2fcf |
| SHA1 | cdd3d88201b42d4ed51be7fff8b4d82252b6c95d |
| SHA256 | a3fe40651eb65ac57b656888928bc499730111b1d26488215b67d513c49e6457 |
| SHA512 | 244687053f410e3534ea0aa1473c128f7c0a3e8e7ffc92dc98cc815be7e93bc9d94132b0ef426d4fc16ed5ec0092096d5e7d7fea6114d25487faa29d6bc7f30a |
C:\Users\Admin\AppData\Local\Temp\uIwe.exe
| MD5 | 2c0f74c245eaa19a301bd33349ea01a9 |
| SHA1 | c377edea718ced7ef9fab112697bcfdce404d966 |
| SHA256 | c2a933fa3d031adb73fb38fc2d62acd5c5eefef40f06849942c119a3bff35fc3 |
| SHA512 | 89a013e31cf2cf5b5002a2077f943eead2fb2f8fa8c6a5a9bf860614365cab8c37ea54bb7e44bbd21b7ecc7c3f732d921ce020e3a16a8315fd17364ca43dbb52 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | 2503fe56200b4037be96b21166fa953b |
| SHA1 | ea89363e629d5df7e9bcce960b079a20fa4011f4 |
| SHA256 | 5992fb2c26848f3bf9afb1bc44f79e6091be59d8106e33e718269358173a939e |
| SHA512 | 519db177dceb421e89564947e88f70583931b3b2785497351de5b56a9db8b5f8fc3113fee38c9a90d75a5181d2b3db2c95a90b790a8929fbd471f29338ce2299 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 7901d5d7784eb607016bb6194c6b5e0c |
| SHA1 | 0379fc92d19e62d39dfc986855d7d5baab092635 |
| SHA256 | 3933d8a9e00257801a1b06f289ada7fb64400967a6987183b6ebc1be3a17d9f1 |
| SHA512 | 191525a0fe4a082e9b24c0059d2f85bccd5bd5af0927bd14c503913c7c49cffc1dbeeec7d4c0c25b89001a3ce6a7fa1eb61e5741ead7fd515296544dc2490de4 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 477454a3e6cb0b8a356ff355bed972c4 |
| SHA1 | 2538505eabf2680d0785a0d9096944deac6d92c8 |
| SHA256 | 7640c01a6b69007ae2c3a006c3f1d9b9e66a5c5ccd113f680271907b7691849a |
| SHA512 | 17671630546848c10e817cbca736e6f9d06ba7b286395055abd7e16a6e7f5576e006d38100437a4055b892cc148b71c19790c716cb462da1eda631cd5d8e9cea |
C:\Users\Admin\AppData\Local\Temp\sgsI.exe
| MD5 | bac02743b86f2ccbc970708f4abb900b |
| SHA1 | b9604ef9c58605842d13b2c4d815eb3c6cdd3e78 |
| SHA256 | 6736dc7b80fd568a481f448abda9c02306c32ed953b31168bed96c9db977d3f2 |
| SHA512 | b3f07856899cfbe92fdc462f2382df02c4a86ffd7116fcae683bf8839a14f194b6f0ef16d994a80e73f876e1080e05ce3928aeeacfea33fb69dab24f8da7dc7b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | 0bc5708957d0cf103bc2bf0a26e10289 |
| SHA1 | 7e6308bb923c8cb0c7dd2ff1b56cd52455cb606b |
| SHA256 | a444baedd4e1ce69fed96fc43f0b4b9e5efe7245112f3ea8e6759d232804e89e |
| SHA512 | 0cade0e7a616953a0b5058d385e8e787e596e290554be7a2e15e7d4ac5bdef13cc431d445bf6972651d2856130bb81e3a43ec357a6fb33b00d5d3f38f821f8da |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 28ab671c0e7373e513c2aff90323441d |
| SHA1 | fc9be65cf0e69859883e64e6eaaf4f691d801828 |
| SHA256 | f5656d41adb0284b98fd40572a08a189e1e5db8bcf4b81eafa22876b0e8f423f |
| SHA512 | bed70ba41aa462839238db1d626064846f55a06765a868a9fc59b718785172ea039db8e57f4f022bf3055363d67ae15dc553e9b8bf2da31299d1590e074de833 |
C:\Users\Admin\AppData\Local\Temp\DIgO.exe
| MD5 | eaa9ac1ef34253bb54914ea1da75f331 |
| SHA1 | c3003b0966711697acf20740df61f4468b1080f4 |
| SHA256 | 3c175990f0f001548ad61105cd9fa2f96d271b8c040d3c24db885d14378e16f5 |
| SHA512 | 233c55e40b91fd36b47d222c698142ab45d3573e648472e3a51d5963463e9091344b2294afb244d27fd1b44650a5a28cca1722f58c0bb0b59addd2d85c00122e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | 243905b5bcab41572df9f46990616f97 |
| SHA1 | 97450f9b003f74d7e2ae6bf9988298a69fe92692 |
| SHA256 | 4394462a1759d9a945d99717944e80dff9c6c4b4acac844005aba9172568c9f2 |
| SHA512 | 316591491a206bc5a9891f663b874e0aba61fd81286fcd9340a109724c4f9d18a0326f548585512885fb9d4730b76206df200bada173b389531a051a103ec307 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | 9c76ca8860b9ccd78091dc304b3c19ef |
| SHA1 | 2af26b242eb473c6ab8180a2363e53f389972b14 |
| SHA256 | 6b557dcd51f75a43d1e9311211011750a731678b3fae668b0af8eedc941693a4 |
| SHA512 | 5fc9ed2e181e6219e85726a76bba9a19ef19334ac86cd7e81c4a052097a21c8a3dc747ce042c54d2fe2c2028956c3ae957c7402f1103cadc05ebfca438932891 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | e7c29dfe14f7867990972c5c39a047dd |
| SHA1 | 20f3af81fbcab09be6949a348ec341eba4b53f29 |
| SHA256 | 8b0ae87bffac13242e579c9690ae62e3907b46f508df393206e21a5156ab6838 |
| SHA512 | 4e1cb2a22d758f17cc5ce82afcb28047d7e29983511fc39087e4c198f5cd8162c6346c54f95aa9900f6eab68cd97ca068defe51149c543f327fd743ba81c8f10 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | b779f369cd989da0391d48da00c40f29 |
| SHA1 | 8e6ce392564391968d1cb886755f523403f6a0ae |
| SHA256 | 1370010696dc49ace6d97fa98261c17c9120b69c3971fb596182309ff1a051d1 |
| SHA512 | 7ae070b7b48b08912200ba6dc6bf101a82bfc37352f6ace88faa09838ce4ec0c30c267ed10649d7987fc6acae03cec69aaab4bf11e7fc9d8928c7eff4023511c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | d14c1addcc8fda2b0228f6144b796151 |
| SHA1 | 44d5b8188bb979f475d7b17f79c673239295da49 |
| SHA256 | 2a018be4ffb034f5bf28ce3fd9a8d7da787f53ea941fba6aecc39e7b956cddb5 |
| SHA512 | 66d49329550bec35c6a9f5f8d266410178c24edc29e2e8aa07f3dd4ed115d3879b22ee5701d3a8f299a72f9f311fe71b1b9b9d0c0787b023708a9a248c6dc5e2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | e60acff3ec82279a5a7d483dcef634fd |
| SHA1 | 8f19c57673a69a7070e542107ecb133690e7d87a |
| SHA256 | a70c87c7dc63ba68b287154429c161655fe35e72cfd37028ed3341276031306c |
| SHA512 | d33b7f4710fd36649c0a4472780526e8389b4313dbc0e71d23e5d13fd74aac60a43ac5041c92a558222069355375188b02a823c14b62aefec92517e77d205f7f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | 315a8e77f9ebaed3c610e5ca950d1838 |
| SHA1 | 421800d731cdb4e68eb8265b10f3b5134a22968d |
| SHA256 | 1a6d87942c4ffc019d6178ed234195c712fff9ff680b80574477ee6f5da7c72c |
| SHA512 | 34fe31fbd6184510cf7c60bf58b2c95d913d2fee0320bf660ede3058a3f2f142039dbe775ff4ae954c6cfcc413f4b67f78e95f7358d7dafcb2b51071b8cdb315 |
C:\Users\Admin\AppData\Local\Temp\IkEo.exe
| MD5 | 21302ac463975c8fa5301e8708fc948e |
| SHA1 | 5bf856cd96da28c620e4c6143902274f2c273e97 |
| SHA256 | 15d9b4762d55d7ed748dccd7ef309374e994be57964967364e3f10e2b714448f |
| SHA512 | 424d8500408c16b3272c0fb42331bfbd1707f7ab4781b19fbb21acbd1fd0d237d660c90d24dd2240838d924e74cada452fb7f90d7aec4e0a7c7d6db06f88fada |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | 1d754363dcb3a4f68bcab2312fd4d6ea |
| SHA1 | 44a94a97367e85089a3f0bc3376cd648620ea263 |
| SHA256 | 7b83f0600e0edc51447853f3fe1fec6093cf8ac383008acdf301a63f44b79897 |
| SHA512 | 07fc5bcebe9d369543cddbf1b34a520f11a1a79830cdd845d776896dd22ae165483eda7f69c2653e7a85d308418a0aa3647ddf5a0a097426275656744845039e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
| MD5 | 65fe1d97f250a2a754650fdb7acd7ffa |
| SHA1 | 28a951691a26c58999a566b7b82a990cdbe96a4f |
| SHA256 | 6f4eaebb945f33ed5dff0fd64e514d8f74126d4bf3df759e3c7919fe0888fff8 |
| SHA512 | 1b6454893ecf2da501ed403db1d71da913009c6e5ee4dc46b1063c9271c2131edb60811d6c25626919d9953d8090562ccd3c31337b17f96822d177af9678541a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | abe2cb9f3d9b3b36dbc2f3c6900d5862 |
| SHA1 | 259722957f04b9e34d411d74037e0508bc628fd5 |
| SHA256 | 47d7246a8ebaedfbdf09f2d65e6238d458ad446b7327bd8ca5007d44c8ecdf3d |
| SHA512 | 69a241c02f45429a9aff22c193f1cfade85d54fafb8debbb59652a5adf085db7a8db46143e5c9f38e65471b1d65a2e49153afb67f61958f9f168134457953e78 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | c1337a0cf445750672caae81c4d4f8f7 |
| SHA1 | bad79fe9fa9c13004e989266100d51f5ec3dab4f |
| SHA256 | a10dbb892160a988b4f14ada0c76be654701e81e7502555861978f7c16728ffc |
| SHA512 | 1daca64cee1767fa5823ad20207fcef1e4c4944b31b9045b990e57a6f5edb7c9f4c4553358979fc8bab5d627e26a93af3c5107a9d68d4e55058f37ae5a416c26 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | a635bfe3665d3f48e62876feff38b878 |
| SHA1 | 6fe97837c676167e131641ed670e72071034a787 |
| SHA256 | 0fb0d5bf9b23dd53eeae8bbae382967e219d7f808e117a9674676ac1e0367f6f |
| SHA512 | fa750d71bbb9d8a003c46ced13ee7799e8422eecb1cd12cf57cc8f14b77aec4a5fbf6fb47d2cc22f7bd63ba6b1f98abb3b7cf87ca627dff6d5bfb6ba865d01b4 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 5ab914a50ac524625d902d2591933c77 |
| SHA1 | e6e8a35f27d06cc1a9e1f48c2b2e0d523819f86a |
| SHA256 | 5d68f7bc95cecef2c64be22dc003cbcae33d96ec6f3c0452ad4d3988698bcb2d |
| SHA512 | ee7f24ec88369faa6ab97df2c6496cf312ec0ce9d6158c76aab9f66669ade06f291ccd1d86552b50e8f399b2a25639d8f1795c62ddef814943007bdfc1a4a854 |
C:\Users\Admin\AppData\Local\Temp\qwEw.exe
| MD5 | 7008ae44d5a99b05d251c29aeb9aef16 |
| SHA1 | 64af093ef4b84ee260923e9de8d946f963849348 |
| SHA256 | 9546193bd58fccf87a75162097a83570b682e41ef01629fe9656ad21087234d7 |
| SHA512 | 369661d57b594dea8d8c3f12137b9a84e5901ec5ab82a58dbf2b5c1fe79d5168b71c277d91f1fdbc47565ded400134686e11f37717f8261dc232e9276d2d9cc3 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 6e5488231bf78f918dc9635064ff1e5b |
| SHA1 | 5c590088797e1401cc29f91e5cf8daa158ba29b6 |
| SHA256 | bd0b12524c9c5ad003f2a32b6a6a4c487677eda6a0151519a73a7bef32632ac8 |
| SHA512 | 28899ddb2a0e268b998f2b66c1dd2fb38df5b78cb3338ab96fffa5b9cfbd8b91ed553aa6e0d89a319181ec2eb36254a2555ee944a45fda1a22bc035efc068503 |
C:\Users\Admin\AppData\Local\Temp\AgUe.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | d07964ec343f203c288bbdc7cec9fd6a |
| SHA1 | 5d8392f72cc3a796d366f8d78d35bb06e91530d2 |
| SHA256 | 47d0abba6534bd7a4f409b082d1429c0b67b57afcf951fe0eca06d239aeee697 |
| SHA512 | 15a8ee0a30c346b5ff83bfe722c2cb85f07f01f50b477183c570dd7e1cd8724988a9ca60b61c6a17c9273e27582c18f9cedc3c3472ac565c96988d1aef815bdf |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 041e02dfdfd951e6c3a61416d38ae308 |
| SHA1 | 5cbcfa46f6aef17795040b3056b416bf26291711 |
| SHA256 | 0f3be1cfd8d1c9ac94a46b559ab3b912cecede96c753556b864ef0bd2d2de8eb |
| SHA512 | 7639269870e8c33f801f86e6846cf5e8f596ce36379203d0ea39842ad83e662a8fd0f976cf1c70434ee75c55c8a10b176fd920ef7bc0747794052b68dc90d6c2 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | a560181088b956d3fd66a17d6b273ff4 |
| SHA1 | f2d4a1d1c717d41150771ffe2346bd5aba2d659e |
| SHA256 | ec43a72e2569e5a90a70d32f27ff33c809b3736b97c49600b7f363cf27788d00 |
| SHA512 | 1ab60e9872ec622bdfafb534e324dab4011f7ec638f4e2c1db4cf03aecfe139dc25b100e86f78ec29d96b6df213fd97cf1cff1e3b431959178ef39ebaf83dcda |
C:\Users\Admin\AppData\Local\Temp\CYAk.exe
| MD5 | a12a7069aa8f74699f64b64f77040481 |
| SHA1 | 21bf199fa136653295fe3ca8b2d7a729ba88ef0f |
| SHA256 | ccda46df2f46447fee2da3d632df7595a434ac2f230c15f1962801e71adad8a7 |
| SHA512 | f949e801058af8165459554b6f0c01423b0ab5161d538534bf3c9de372d8ddf07e2d77d19ccfdf8ec406faf767cafa3c4d44376c5d2565d45d1c14fadd1187c0 |
C:\Users\Admin\AppData\Local\Temp\YAkS.exe
| MD5 | 49955739e35658fa68ef759e969bcbe5 |
| SHA1 | 47c5a67b985e5008cd7970575943652437b85512 |
| SHA256 | 30e6f571169e60dbe07b4e34acdbacf31219a747032a4ed29c7a0585802f8497 |
| SHA512 | bf900f84b4d525e180293d1ce7ffa7af0db1db1e46e9c5c05511081d56b116aa298167b8a156f76e389756b9415382353f54bc08fdca722b8b45ededc5f0bf81 |
C:\Users\Admin\AppData\Local\Temp\QEYk.exe
| MD5 | 314405b34bfae53a922ce104daf512e0 |
| SHA1 | 0bb7defdf1d5847bf307f0af9b87c4bdcc1058f6 |
| SHA256 | 6085047dbe7db17c87be951cba9d51687bdb6e43e2066ebfaa2d7ab82c259873 |
| SHA512 | 16b0fdf25274e19a9c779a2457e7f4e955a709ed53bdaa109c8fe36f2c0672210621fc5db861c589f023e7fffa16416da6920dc16f63dc496d112b2a3ab4e134 |
C:\Users\Admin\AppData\Local\Temp\nEwC.exe
| MD5 | ac7281a676f3681e760561cf38814e2b |
| SHA1 | 5d9ea40070676ccf062c37e3451f26cae6162ba1 |
| SHA256 | 687a728710ab22dc4d7334c767490d6f470f9c6151708699c5c0385d97c4c210 |
| SHA512 | 965d42915310b89eef026ce64ecf7bb54fafacacfade73ae57a62d89581613729d8479bfb7e6f1308fb5946faa6963aa96eef760c1eef7919601d42d6ca42710 |
C:\Users\Admin\AppData\Local\Temp\bIcM.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\Music\UnregisterJoin.zip.exe
| MD5 | 6d1428067adb4c72151e9e792fe45967 |
| SHA1 | b49a6367b91e4328979078854be035fa7c6b7c6a |
| SHA256 | 08290d679b808e10da7e6fe9faa16e084586eeeab41c68997ce2c21816d895fb |
| SHA512 | 3a417ff81f27a7b296dbbd14262f2fb7af30d88788b6a15ecbc582ae5f7d12fc2184157ac318dfa6b39a50a251fbd436ca4779fc85eef973b90c0270e4e8383d |
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
| MD5 | fb40b6b45cd47556cc54bb39c3dc9460 |
| SHA1 | 3b9a05575e30a1a79f805f45b4d9840ed0b6147e |
| SHA256 | 07049d266a61229e8f9e3b080524cb700d1192ef3acbf852fe3d90330f156da2 |
| SHA512 | 7b445fa6e8d384d3f349a341e7d7cf93a6bfbc302c0a3acdf61429199ae013fd8f6360dc81ab56807469b18960b89d417432f36a5b79b93cbe6b2c8a17003855 |
C:\Users\Admin\AppData\Local\Temp\wwIy.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\Pictures\SendFind.jpg.exe
| MD5 | 453f2cbcc99f4dbe555ff1fe6c649f18 |
| SHA1 | 0df1f71360983219a2623ad6de3a2cb4c0bd7bc6 |
| SHA256 | 9acc55a5005e1dd3d24117c498955d17242df1edf40a4f24bc30fd63f643bad2 |
| SHA512 | 0f9f5fee090b1ec6ac0924aec1e282ce858442bf246754fdf8d674e7a477479a08e93b0fe70bb85d7706bac6e6667cd45bac7db24b93d545981a32b825f0c013 |
C:\Users\Admin\AppData\Local\Temp\GgoA.exe
| MD5 | 0f603d0568d7827b83da3b2bde1ab661 |
| SHA1 | e2e736086147330bcfc2199cbea81416973ece68 |
| SHA256 | c335c45680e9fbfb0238d92811db128dd09ccdc5e1e4d5dce37795f2d80d7403 |
| SHA512 | 1d7150888dfa752eb29f2dbd7bc4b07affeeec13551d82fc00b8f6ec971ac157db6f7550e2c68a62b57684aecd6c1084528b8eb9508428d9c18227df21032b76 |
C:\Users\Admin\AppData\Local\Temp\owEM.exe
| MD5 | 0dd725927aa954d29f23a1cf7520e9c1 |
| SHA1 | 24602b8125c901aa7f1fb6a6f9b873b85a7f7fe3 |
| SHA256 | 8c5cac4a6c2a4cddd0738e1d7c8625a495b692c299c4a4c547a34ada94801682 |
| SHA512 | e1dde2197f8dcfe0c008699c189d2417aa778b627705e3ebe039bfb76f942ebe99ec01c04ffdc57cb2021a18229adc662fe39ac1b3e6801e0294ff4f702574fa |
C:\Users\Admin\AppData\Local\Temp\pgAU.exe
| MD5 | fc3b4393c0a41587a4c470d491e5094a |
| SHA1 | 2ed8c1324825ea675fbc3ccc073392a6efdd02b6 |
| SHA256 | 56aefc4d8dc1d149b6ca4403dce3194cb78609a90d182440132ba853b11fcb5d |
| SHA512 | ee5640e0a44bb07449a62e54862b29ae4dad0c5e9f2332d25d99492be75fe6f8ec7fbcd40a373c1df9c3ad10d538f99120d130c63f4f74d5ef3692f46cfeeb31 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 53f8fd117007a69880279ff21df847a3 |
| SHA1 | 86ce45128719ac492fc2d246daa7260e83100bc6 |
| SHA256 | 227190a465efb065c970e2d5d22c5989589800c46ef9b1bc514e6f3040c4ccc5 |
| SHA512 | bcad4b0d25f377ba6c7f019473066a91cf13180d31e8552f41dc1ec500435591433a172c9ba96760ca5c00c3aba534e6523961a7dd912c28ab730dcc8426c686 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 39de43372785ba103f6386ff450b59d1 |
| SHA1 | ea7c71bb43148be846eb3de2ac2615234bbf515c |
| SHA256 | f4a0c304493581dac5b7447e400228827378b9c44842a186dfe0ccb0720786b5 |
| SHA512 | 8952c3d7372f35dc719bf1f552e1da38873e641af62da8af8a04dedc0ab3bfc28bafbd53737fd1d9c43f6ad27c2d4b3506198405e2ee4ab4672557156c6099ca |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 5993fbd01a8bed31abec5b6807264c03 |
| SHA1 | 0759b32e6047330fcde62aa897f63ee87b189c48 |
| SHA256 | 64614adf62b03fbc8273343b96b7686e52f3506bb948513dd9863d0465fe2735 |
| SHA512 | d75a3690d7aced3f6b2d2e1ca295ea77bee45ed968f3556443a013de4be3d3148223e863ee1ddba098f65c3eff326ab46545e50cbe0b0eb28b6016686dba99a0 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | eb96c7b834ce864ada38768588eb9665 |
| SHA1 | bed5e9dd3c7ca3aedfb0a6ff17b0f41ba1328270 |
| SHA256 | 49f396fd6da3a7edb20e435345fdcdcb958d0144e3b92d1f08e9ae3c1d82a96f |
| SHA512 | 82d25a5476ac1474a3efa3975d882a7541491be7d19cb5da944fbdf42aabcfd2915ee8f55f319f6ae78824f81581189c2ce1dc0b95c151c97a79c921b6f10ec7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | ed17b232c472f4c69290b0a013309a97 |
| SHA1 | e0ab217eb22e9e14bf0bfe79ee8a1949d4806ede |
| SHA256 | 5ec3db62e057cf2c8cbe67874bc7f7a7f895e2fa1b48e0a89172e1106d68c339 |
| SHA512 | b547d5ab39fc6f3fd0cdd831418cfe147839d1acceffe25003875f4edd58156a3c85fa33bb46882849434763959967c516788a4d665f99fb7d92fd0fa4d53215 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | f14ecd1dd708b3ea26918cf1c9b17de6 |
| SHA1 | b1915c5af4c400dbdfde828f15d65208f2e78533 |
| SHA256 | 0f86cf0131302d9ec96a0c6d169f82b5b49087e44aa3aaf89b128feb2f0120a3 |
| SHA512 | 63230755e89f39369ed13295753d0adec50c17539cf719b484cf36b3aac9df377015d55eabc043d3d36d253c0f0c100a9ac098f87cc73d6b65291fc27b86c906 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 7f1f447dda90b676dbd868f9d1627217 |
| SHA1 | 0a0283dfcd53e67dfadb69ca1b44995c76dd1b31 |
| SHA256 | 380ffec5e9982a86c916375fc79caf0f375099290c340ea2de8addc83d9c714e |
| SHA512 | 02f38628fbf11a808a0d507cc84d32097cbde0a9dbafe2b3c38589001479330e0d087da82760cf80b61b7f92bbbed37e7d2945ff8e659b839b181987d4e64bff |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 1b34cd3e614e25f522c270f82289deff |
| SHA1 | 4e585daefa14dceab4ee456d94aea5400d01a3ad |
| SHA256 | 6efb4f7b916ed66cbedb5d9b9dd93d01d0a032fc2f84514542de9195e5c388c9 |
| SHA512 | c535deaaaf51de0e88f518f95b39a633751ad930b5ffd321fe04cbdd28a5b4454e6d415118c1c1d539ac014b5d5a37ceab5839ccd0b8fc517f79daf0b85fde43 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | 9280bb0f434c1b5dcdfd99a21ff6363c |
| SHA1 | 13b901a8187953c9d3f9b2ab8ddbbfba977f5c43 |
| SHA256 | acabb546682f21b3d9f3d338b8bdc5cc072ed7e9f9fcb65cc9bcac442d1b996f |
| SHA512 | 94bc2b249255f1668bcfe264b016797c10b546561ce884b57fc26c5a74bdeb60780ed68848c15d23aa005fc18e2f3f65b637c8b35e2d99da1648f8b90c291a17 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | 5b8ef12550b0968f966c83bc78c03254 |
| SHA1 | 98c44535792d2145a21310b31225129b5133d578 |
| SHA256 | f72000bce2ab55399bd26a1602b59291429346d301953e75e7dc4b5fb581a7ee |
| SHA512 | 3d0324035a6d0a1c0564b75553188712af8199cee8b682cadbb08efec053faedb3e0d062d845b17919e3fb1f8283172f3d8b3bb7bbdad16ede9128fb44f795df |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | be069debbab25b2eb5f8fa21f15fce6f |
| SHA1 | fb43da26dce58e9781cc825080ddaf6e72e437dc |
| SHA256 | 692c14e3d100e74c938ae0af48692c1ac9e5783bbe518530638b10709eea3ac7 |
| SHA512 | 5517d7403b61403925cc37d11789a34ec4ff24c15847c9a1d482fdfbba0e4d3446dd5e603e4b61fb7f495651a7877c382c893a7779fde7836ce6d0afe35c2fc2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | e1b86eb4ae29874a312444d884ce3448 |
| SHA1 | 5dbb03fe39c0af6477ecd7b5354dfcc4cc81387f |
| SHA256 | d85681de24e289cc5d838399c3f879c1d1a62e9c20ffcff6d0ff57ac5c731c99 |
| SHA512 | 9f9bc6d83914b97b19ad8000d9a549e0ab1dd16062494a0ef91fb5c0dfb1680c960e7f365fdf602da710cdb0804e28e01a3c60f9787559a22dd2cc535539db47 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | bbe29d467f992a48d1563a0d0f735e4d |
| SHA1 | 77a493b65f17f435020c968af20e68f3864cf315 |
| SHA256 | 8a42832786d2cb3acd52b393f9f32d50f6e678d2690aea3c05d3edc91fbaaf6f |
| SHA512 | 7846be01d457c10225a660871ab6006880fe862d1f4af12bfbb849a3c00b7212daf5a802ad438116d96f36c0bac013fee63fb2e0999c8f10350695769c1b2934 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | e220c0f030a88a44d5077e7f8da2acae |
| SHA1 | 77a8888fca9cbcb5aae8b9f4a3d04b96c12687f8 |
| SHA256 | f369a08cfdd384ed07fff15579db8c4334ea094a04667f7f90064e20bf3699f5 |
| SHA512 | 35d90d3cde675ce26c67750a068ac5877db90add09a7df8a9b3e660e335df68c1e23ff00156c5ac09bb7a3d13eefee9d7cbfbd5965a84119302993b0ec647cd3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 8f6cb406072e08cfb59214919261b9fa |
| SHA1 | 1d84b714ae0e7f22d2582926bc10e42435c8dc35 |
| SHA256 | 9b8be63a95d1960df7174b61c3557c1eed6ca10942c7df5614ea2db431e2e68d |
| SHA512 | 5616ff7bd9e6ad3d15240978cd7a1a59d1207a03f00dd8927856afab3ad29ac7f8fefb21552448b29d4f25ecc16f883a1bd04e514715dd5ec0b067bec0d65961 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | c99085e8de1e3af1511ed8120c9b6ad7 |
| SHA1 | 4681490ac59b44e92d8648541a07bcc9368b2f2f |
| SHA256 | ca1e0ef547a7c2da3a10122a5b92e186f40f65ddbb28e2bd164f39ab362f66d8 |
| SHA512 | 0c13810012a44e9226464e6755e290a51decfb650111edea3d21aa2ef5b9b1f681403f28531356d8bf2df3b969126067b1e24ff0bab970fbdb303bf566089462 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | d3e501d6aeacb8cdbe211229c5da6730 |
| SHA1 | c6c981eb36dedd02811b9d7004596d99e11311d8 |
| SHA256 | d0ab9c082fc100c818f6bc3e2765b7ce6f0eccf2d9c7e37b1f40476030bf107c |
| SHA512 | c17fdfd70780ffc97a2617804498bfd37c8456b8f490b3c66407a2ab8e120240199f725b23616df878f5d874bf5e4598be40f7750cf63c5e7e6822d26be906e8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | e8333eab03c08f756466049a08fe0344 |
| SHA1 | fab851fda0742fa9389a631ae9d38be439ed5649 |
| SHA256 | ad359727671acb9d9007accef53dfe468e4d2c40904c5fff4e4fdf7f7be6da68 |
| SHA512 | 425a2fe2e3d554d0f9820078fa90d4e9b17a83cc98dbac944c7fcfbb787cce0e829c356851b4a1308d8c9f1fcc1fb29095ce1331938ff7a6bfc284bcc634c546 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 12e9eb50f4ffc4ee0f9312f9e8f9254f |
| SHA1 | 90e85ca32194627c4ea1e6d9478ca1d5f8952d67 |
| SHA256 | ef9831ea9d9345f159893a781d4ff1509645c13932312f65b2570c55ba369048 |
| SHA512 | 9109a85309856f9fcf3eaf79d944cba00d7e9cb387c8d1c12811919e6f1ccc29ff8f0aaed1c60ebf68c8698c8eecdf49c1c207f840c9337322476e468b887d29 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | 6fde4b6d55849bd30f9a888033700eae |
| SHA1 | d4f520c2baded8978473dee46b0a5ac9df19458f |
| SHA256 | cc43b916311a9e60c3ab901370247c76c850e21330a3cde1356cd66a85c376c6 |
| SHA512 | 0f37bf4e43f714f651469542efdcbc643b056f48468b7b3d680d60b29df48df2f49d5db9e084f805628f95f987c696df5497886f1110749daaf7419a8f7ca120 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 763de7b55e2bf5f9fa3471892baee341 |
| SHA1 | 2a2293175c46864da8c96b88a60b1ea1b1a4c542 |
| SHA256 | 8d62143faf6c9ade1dd3abd97dc9932a4a9da01fd1193a127b61cbb93f7aeb63 |
| SHA512 | 790624677785ab7a1e8c524cd637e42c0c4334b719f09abc5e7f5c01757e392277505760fabf7c5498fe325e86bd773b508fb671af6be69003fd6a081f7e52e8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | ebb100019f8bbf58293d48d915c77836 |
| SHA1 | ee1435ffbc7b502a091c9ab60a1c49da255c9ec9 |
| SHA256 | 4ea25205cfbe120c6776d78323e36aa52291c4dc035ebe52da310c81d6ea46fd |
| SHA512 | b3bfc8a9ef8bb283222ebd30b811334e298da6fabac5decac8d1619754a71fed3494e53b09014f7bd535636fe27ec9f3865491838c83927746a39c55f42a8b27 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | bc83941bd52febcfd6166e0dc48be554 |
| SHA1 | 9ab51b9a40e8b701d3b146046389abba84c5577a |
| SHA256 | 3f35a716a5b8ec3ac61c41064cffa57cd96935266d89429a7fe3c813c3c1090c |
| SHA512 | 0614de9e7ac42d93d6b91eb09a56f78c7a0741c0f41d7a384b6fca531488ca1073c257e1bfeb976445dd6d7246f871af57c61e370e6b736e9e9a23eb230674ab |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | 65ba36eb60d6dc6e7683e2ccc5ebae90 |
| SHA1 | edc1ec4ae0d6c102335ff465cfca57b7560010aa |
| SHA256 | 54dd7805f61b367cd68f1cb4d637464cc3b4a71601cd323956518b1c8e541e4a |
| SHA512 | 4270c573922b9259b40e89a7de7808e5364b86923abae130f166e3fcc1d72dd02047920af3d53620b1d23b0b31f46156b6f0a051a55d44f516d09e6ff84cf1b3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | fae35e719b73df4b8ebef22cb7174da0 |
| SHA1 | f2f78001e150c20123ce6e656b148b2c380a223a |
| SHA256 | ecce60cbb0a042f7967cff518cbc8cc0752ef3c2649a37189c430dc37d0a01bb |
| SHA512 | b78d1c56920835360ecb3dac8c70d05d027400f7c83071537f6fd13defeb551f63dac1ea1d885fba4aa9b32386a32fc387aaa0aa09abc39133c9ff98c1fccfe0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 48d228fe1df207cbfbbc864508e60fcb |
| SHA1 | b9f05e2ab7adae5b9dd58204c64568d9e3bc92f0 |
| SHA256 | 541468adb060260e9878052c4fc636d8061eb9b2e46224d83219b8c4469073f1 |
| SHA512 | 3fe2c00708792f3e01cddbe75acdaf8506d5cfece549372ae4d04240fb4de178e8d6832724d5335f15670c9a1614438ff9d529af300273aa571b04250bf4f798 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | 883e05ecfc5ae6a4b050d203cda2aa01 |
| SHA1 | 58b731aea4a188d6b7ff7e7382588d08d4647788 |
| SHA256 | 0dbce49f8ee15865fbf50b75a50302ef65748614a46012a0a9851585ec7737d0 |
| SHA512 | 7894f3ca5111b57c3cfd04c5275bedb6562f3a965d2657a21c5277b75097bd900e8504a32a6884b9bc36c4f0f8353c5234e7e1e1c8ac2836e837eb0a9cdd0f57 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | cab4e61a339b703ef92e6f4e84b5ff82 |
| SHA1 | b6de9da5380898b981252bcd7b16cffa76fb420b |
| SHA256 | 61e486081de112c2218e99250fa72b5279c9224251826c03e01666470d077257 |
| SHA512 | 75c73d4c7b55131e7c1feccf6d0d8b56b18cb24822b8bb4d20778d330197d655d0bec00db08e41fc8e12f5b727f5315c8e1a153759e27fd9e1784d9b05b65b6b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 8b780786e14a913612e393e0ffad5a7e |
| SHA1 | 135185e66b64079df12e64c0d3210d33fe12329a |
| SHA256 | 7d3e09f70faa7f2e426d6a801d62cb241ff74c1e3a535241975e09a360406952 |
| SHA512 | 91a24df22a145722b94877976b89ed718bdb98d8b0811b0d15058b8e3a199809e17a4413ab1400e8497865f3f0965d19270920eff987b27bc36ce9107ab73142 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | 2a86fb17dea1c71d65bf1d04e48e954f |
| SHA1 | 8d5495a69b2d3099791e5c93af8e9d5d0b4868e0 |
| SHA256 | 3d8fcd57d46824f47c99707499c6eaeeb78b0a1734c4763eeb395043c3984370 |
| SHA512 | 571d0eff2d07d17b23d19ac03583e5137bcfcb6c4081a17a008e438e5e4c0c2e019c4b1f8685bf32744fe6e8b2973aa95bd9b8bfbdd2027644510cdeef5e0769 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | b78c2561fa07e39cc8a3bcb6bc4719a8 |
| SHA1 | fa5476921bfa0a475b6bbb005d4641cfadf3bf1d |
| SHA256 | 141c947e32cedba94e55ef14114e38b18659a17f781a9494633ffb0e586947c4 |
| SHA512 | cbc1ccd773f431f054568e953ea5eb05f5438267dc9e5e734678494769f9bb9729913add51066b40623c48375a4b3c5087cdb44817702bedd8b87206e387314f |
C:\Users\Admin\AppData\Local\Temp\HcEs.exe
| MD5 | 37ed0dbe241cc7ab8a36030fb844dcf0 |
| SHA1 | fa119f5292ad37f1f90683663d0a8eceb97f3b65 |
| SHA256 | 4bf7b98ab4fa16497f19a7589a89a061f740b183cd04b827bc61d5f87e9781f9 |
| SHA512 | 652457cd69fad46a827d1c8d3b1854030687c885bbf73d0b73dd24d4a1293787add461a9ec4ea7b5c85e5d4d468b9aefe751678c052e6e2427015e6eb7055e1b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | f1cd5115d6f2aa2fc1ea29951cf0bbdc |
| SHA1 | b8fbfe7a407ac3c2c1c18413ffb3e714da0fd71c |
| SHA256 | ba0e002232406d524c6dc26aef6d0edfcf97d2fc8f5f8603af1f1fab46cdf11d |
| SHA512 | f2659a92521fa9e4a054fd8c595e26d8abb1b5595f4b5d5ac2419534cf6018a07c7aab00ab0cd689c794c40080cce0964aded6977b8195f8b1ef4b3da735742f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | 142057e4af9dfb9f463929753ada3a73 |
| SHA1 | 52a01ef5efaa424643e28af4d7b0e09f356e6cae |
| SHA256 | e428db952b8816e0e90939767660ffe769b55acff77d4fd8bd78c0a764e5b51f |
| SHA512 | ebf543a3033763f75d8966e8933597235b6f9fc2bfc26fcdec2fd1495c9873c9d01176b9da508a703ed971ea1d706a253db1c90153b1253889dc0e44fae5fef7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
| MD5 | 89be6e41d02b15764c4e56e0e4ea4e1a |
| SHA1 | 93d993928c37b9739df778ec21b4e054d9d420fa |
| SHA256 | c8c58a50a548f2fa0fec098f4f6a89b2ac676b73caa8e86e0777254f60f09f62 |
| SHA512 | d766b73de5631bbc0a07d8b9c38c113a64e5c3431380abf4502d9becd78eaf0ca64a621a2fb113735f1af6ac19e0e0e7c42695080c2fec1e2cb02c0aeac2dfa7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | 4072b99e46fd2045c74c713d9c5bb5cd |
| SHA1 | bd76693a098d7f6714c613e2d886e4795ca49625 |
| SHA256 | 3b5ab3a9192c3314775bbfd5acfa64153e72590c1d5eb1bd62bb9bee622aad9d |
| SHA512 | 4474ea8b53dbd35fbb3dfd8d6e12f4c6f2325a5df48f847fa0115c82c6ded6fdecfe9655625a4d9d0df754895723e224f1c29696afca7fecbd1e63af71a0215e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | e414cff76ad8c59caa3b6db6e4f773a9 |
| SHA1 | b8c5377cbd6201d79d75f7ec0a1d1be6c07998c0 |
| SHA256 | 3b3e0cb84dd70490d2d8a1a865d108cee4638d79aa8ae1d46b8ffc2b02d6016b |
| SHA512 | 04a8ef2521d591a3d436b27818922323511f63408d015c34d8678ed8407f13544d42001d74d6fb2f0b685dfe5db11fe2bf8b6e4f614011f61a0af597c8a70232 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | d800dafdea27a6ceede4b499c02df68d |
| SHA1 | 9abdd14c2db8bb2b2a077b1c9d10b6500f089248 |
| SHA256 | 56740b108a1bc30405c0c7c2602d8d680a9511ac1ff0c239a8b6e17156bd3d59 |
| SHA512 | 561bfe8a1f548a37658d60f248be4953f16b539f2497cc5fe8c025197ecd8769d459cc15cebea925ca76a262f0f84a224941b5c4ae2728aad4a2a33e8f09e11c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | d9cc66014fa6f73542909dfddc08a923 |
| SHA1 | 314c535471f36db54d158bd67c2fa5256ca1b32c |
| SHA256 | eade36ec183826af1f42b2345221bea0ffd5946dbbfafce2c82f7075f757efa0 |
| SHA512 | bc7d5c0326c833958d89d53a0fd5359b46f84396df3d2c56c11cacfbf176d984ced081cb3bf863199d9a7013698278243a6b8237fb80269be6ac5fa0832a0804 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | a78843025ce016104bb2101da1f69ef2 |
| SHA1 | 3e641b21a1b5033c1641f658d0eeb81878510736 |
| SHA256 | 236b2988432b9a6fdad5db3402e08e7964040f225019f58cadc446fe69728e1a |
| SHA512 | eec8ee23f40d5f3819b82c2daa62774485db5b2d1c5c8c3df81384706d63c6b7c26a45c0a9b11cd42435a7536e813cfb1ef2a49c71bec96fa9ba8918f1a5bd74 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 6b134748eefd2485fec36a11ddd8bee2 |
| SHA1 | 6c83d0df91d61ac405217230cae9fe69814c46e6 |
| SHA256 | 41c3939da200948dca5288568930977640278f41eef75617138093fcb4dad7c5 |
| SHA512 | ad83e6b1f157e48be6266e95cbd2b036c87b4cdde699c708dfc8c42a5e95898d9f83eb26b3f9276bf513868c78cc2b07dad3b1b99f8c867f31e46db877fc1932 |
C:\Users\Admin\AppData\Local\Temp\bQMe.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.exe
| MD5 | d7dcd5c2b7c31a6325ead1c786e0f5ec |
| SHA1 | 4a81e3ffb1a97612555b092deb9fd9f459ceec2e |
| SHA256 | 70cc3abd79bb89de85fb677e58b41b5522ac0362b4b789998432731381437915 |
| SHA512 | 3bc7c4805f6d7cf7c047572cdac9c4a36e2c0954194b6786cf0f7232c2f1a50b84670c22860b0dad62020a4f6803c8c840ddfdb5d8b77f2118cd77d1bd46e5de |
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.exe
| MD5 | 39dff88c79f6d9d437525ee3cfe7154b |
| SHA1 | 52fe2a0e065bbb1ed5fb8d4ff710cddefc794419 |
| SHA256 | 56dc2fb880ae7bb839d701e59d80c048238f3b1bec7f6c51d031fca5dd1bbd33 |
| SHA512 | a94abfe5f54d9883fe3630c16635dce24ad3dfa82f2152c1f0b96e051ded15018a51da01237d92d1cae7b1cb6cbc22b956daea878ad289e86e0c1fd353a1cfbf |
C:\Users\Admin\AppData\Local\Temp\hwsY.exe
| MD5 | 97116aa2f1263766bde85587821ec06b |
| SHA1 | 7d15e1452af04ccbf334d61874734b7b3fb69224 |
| SHA256 | f88c123b8b7ea3ac9f19a28602a4b0d7b039963e0df2f0bfd3b4db2a892a8ae2 |
| SHA512 | 3d3d3fd0423138c52426d356154df7b66273f316c1e678e06c051627d7d781a41b87fdcc5fb05125de263a3e3f4177914e10d09fa5ea8fe34b154515cb790e69 |
C:\Users\Admin\AppData\Local\Temp\TYQm.exe
| MD5 | 31f24169e49fd7539ec2c28d81535376 |
| SHA1 | 5cfac7fee7ec6948a2ade63423f451e20365376c |
| SHA256 | fbaba727c0a97fcf633b65e19d2e3a574ced547fa82478a38a23b47a6a6545d6 |
| SHA512 | 058770d169f802706f53317efdd9c7be8aee31b82f2cd2e53fb9e88adab0d8e15db1c9ec2f21be335d8f6f71e2eece8211d9ed6cb8b3b18733c4bc3c5761648e |
C:\Users\Admin\AppData\Local\Temp\WsMs.exe
| MD5 | dacd49afb4a371ceee19563c59db9378 |
| SHA1 | 112f2e24c3963eff8e48f7388754bb7e85dc76a6 |
| SHA256 | de977fe159794e528b69d605a5f19a6bc63b7f3db69044d21a87f60b639fc64f |
| SHA512 | dd93a4925ff1bc6868328a4ec1090b1473281c05d934801f754bdbb8a5933e6c90d6af3ca2b9fea39be128783a9890bcafddaf1f21c5c1ff7cf8af57cf0b899c |
C:\Users\Admin\AppData\Local\Temp\wUIe.exe
| MD5 | 489dd7d0b99c9a52c99f501546481412 |
| SHA1 | db8f97e63f40b591e43a619fd086e5dbea327a6c |
| SHA256 | 3ef50249ad40b85de51234fd324009d28b4f234ab86c01eeda72484b64f3a2cb |
| SHA512 | 2f96c6f853ee76c5fe73a1e75041fb86890bf3d254834460b5a166beedf152a73cb45e93101d952bca3cfab986f0f2526a8b50ca06492f2656ac235f2164a747 |
C:\Users\Admin\AppData\Local\Temp\QYIy.exe
| MD5 | 9d25c4771eab6fba5766992372bcfded |
| SHA1 | bdf99ba5fc4a4a608d20da6598e504ef8d23b1dd |
| SHA256 | 701b0abc4d525e981176d3c185bdcd18054ea6aa9fce8cf36320c9d2d7436f13 |
| SHA512 | b1a77cab6e73ba05e20326727abbd5f1d51cf4fdbff3aee2af4e678033f5f28adf1e6695b043a789a7268cc024e485ca8ef244e9604dd323d1be79a9d6df891c |
C:\Users\Admin\AppData\Local\Temp\YMsM.exe
| MD5 | 2a5b368ea66d5e65bab149f6ecf9d8c9 |
| SHA1 | f67d95b425b243fce75942f299cc711a7ce7c484 |
| SHA256 | 2df099660d06e521c9c8fd98cfed83ddf72e3047671a1c4a0527f4b637cb1c02 |
| SHA512 | 7fe04bc40d6f66d1212df61ae9848fa5e2d805ffb81afd0038e4363d90c7681c2438a1483c21747531063cc20f86eb5c7f85d3a1a19e35f2379b0452b173472e |
C:\Users\Admin\AppData\Local\Temp\CIIS.exe
| MD5 | ee92741f527a8cb772862aa1625d99df |
| SHA1 | 4e8ccb5be34846632383c10bfda611a3fea2f6bf |
| SHA256 | 6690d75e1e76e6fcfbe945da4ce38864989b974da506fc2e82666048207bd676 |
| SHA512 | d9962bffc8bb6f206bc2462d8e4c2335a0a6012b895ed598c85f00c7f1f33eeb12f9488016bce294e86d1d11533e7ad0840bbb51ee5f480ad758532eb7c6b199 |
C:\Users\Admin\AppData\Local\Temp\EIwm.exe
| MD5 | ee4449ea1d4b206335aed3d8336ea973 |
| SHA1 | be882ca897c5cb070e6a2175c7d830df4a827e52 |
| SHA256 | 4ae6a01c02cf0b3240dc3c29b8fcd4b2384fdae2957f235e5d488b20180f2c7f |
| SHA512 | 8578a958de0aa2254fa2917ee5fe48a935fec56274a926a129e7ff0224b5baf23bb40d244579521de77188c0a3e298c2f0367a9745ba3ce126ef5769a36167b7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:36
Reported
2024-01-25 17:38
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Kinsing
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (80) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
| N/A | N/A | C:\ProgramData\ZGIkUAUA\mWoEcEAo.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mWoEcEAo.exe = "C:\\ProgramData\\ZGIkUAUA\\mWoEcEAo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KkoMAAgM.exe = "C:\\Users\\Admin\\tksYgMUw\\KkoMAAgM.exe" | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mWoEcEAo.exe = "C:\\ProgramData\\ZGIkUAUA\\mWoEcEAo.exe" | C:\ProgramData\ZGIkUAUA\mWoEcEAo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KkoMAAgM.exe = "C:\\Users\\Admin\\tksYgMUw\\KkoMAAgM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\tksYgMUw\KkoMAAgM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe"
C:\Users\Admin\tksYgMUw\KkoMAAgM.exe
"C:\Users\Admin\tksYgMUw\KkoMAAgM.exe"
C:\ProgramData\ZGIkUAUA\mWoEcEAo.exe
"C:\ProgramData\ZGIkUAUA\mWoEcEAo.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwMwoUIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgwskcsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\issUoIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zicMUksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fakYIAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BUIwoMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qWMUUAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAIAQgAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EcYsIgow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqcsgMYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EqQMogAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dWEYYsEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEcMMocU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYgUUAQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQUQoUsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKEggkYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cWMYkQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KSIgYwMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYkEswMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWcogoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fWscUMkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEoQUMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BSAssYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KocgMUsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AkoYYsws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMUEYYgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aWkQcMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwwsUcgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PokUsEAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QqQcskwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GgcMEEEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmkYEQgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWAsEUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hEQkoUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\voMogUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GmgksYYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yAogUgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYQwcAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SkYAYAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dioIwMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ViUUIYkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PyMwskkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DoEEYEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umQMIEko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yyQYEgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMUcMMEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VuMIAUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIscMUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RcMUwogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TgkYIUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAEYYAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOYEMwgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWcEoUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\neQMQUMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAUEcocw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JYEAMwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsQQcUME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gYYEMcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\coMAckUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YEwEUYgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XcAoAwok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\byIoYMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JSYIcgYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIYYEsIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\emIUAock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EswgIwwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWgoQAYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DiwcgQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hegEAgAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYQwMQgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWEIAIII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UsMoIkUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKYUEUgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWMgwMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jyIIMEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmYUEQwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuAAQgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIgsMIQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EwwQsoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wYkUkkYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OyAsIAMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QqsUMsUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqkkYIEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XMwUkcgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgAsYIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zcUoAocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqIUMQcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KwAIggwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWUcEUso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LoAEIskE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vakQQogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DwEkwUQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HIkEIscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wMoEkAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmEcMEIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OsUUEEsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\seUYwcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RuEgEcII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TyIQAkAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tuAUQMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaccEQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KIoQsEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EmUoowks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cokYQIoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcAMcYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcUMsYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\liwoMYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DscMUkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yCQQEkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\McIQIUIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mcYEAQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZgIEpEkp.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XOgEwEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zgQwAYMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nygsQMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gUkEwocU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YSMYgMck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CSUggkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gcYwQoYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DocMocwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BuAEUQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmgsIoAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ayoQcYgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PugkUgMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GucUgQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKQQwIEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QuAkYIko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dUIYEIMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VicAAIsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSEIcAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LiMIAwcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIAgAAkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIEUoccg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSYoQogE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUAcEoQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mMwAIEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCsgUMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FOMYwsEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIkIgwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2888-0-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\tksYgMUw\KkoMAAgM.exe
| MD5 | 4b19f64b179a827c700ff6159a87c626 |
| SHA1 | b18e3237ad77576e0282bfa2751164cb5f6cb5d4 |
| SHA256 | 16bb577c55a8f3f9c847c3821785b63acb562ae279eeb5ea18c2da992705f7eb |
| SHA512 | 0a0e74b2f94db7c6e35fe62c4e590d1351edf5581af5ab39bb5d812d0c2e9e53891339ca71d69b9ffe255952f77f1dd124ac38bcc15d96b021113b0fa603ba27 |
memory/3896-8-0x0000000000400000-0x0000000000434000-memory.dmp
C:\ProgramData\ZGIkUAUA\mWoEcEAo.exe
| MD5 | 6d5e244b7df065e55995b36c6d6fa878 |
| SHA1 | a9a9cd45a41c9d0d4118838083313ec1f546acae |
| SHA256 | 68a7ad71b87ba4be0d28687ce4b7c017eb1b30b3494721b73cbcfa17ad6ccf0e |
| SHA512 | 6cfb51267108f4483396bd3d32fea94e7bff27945ef43fe68680e2f518bf57d904b3994cb57ca23117145000c62dfe25eb8f832862083ea8441ca06119f3097f |
memory/2028-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2888-19-0x0000000000400000-0x0000000000436000-memory.dmp
memory/348-20-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wwMwoUIU.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_b7ebc7978b4245497b486e41bfa94b85_virlock
| MD5 | 2cfa6796fc3ef55c4c52c89ffee69a01 |
| SHA1 | 27f7ec659a880adc68377806cfed8a19a83d7a19 |
| SHA256 | 01d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd |
| SHA512 | 68b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610 |
memory/4652-30-0x0000000000400000-0x0000000000436000-memory.dmp
memory/348-34-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4652-46-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4760-43-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1304-55-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4760-58-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1304-70-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3224-80-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3436-83-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5032-91-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3224-95-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3972-103-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5032-107-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1924-117-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3972-121-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4284-130-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1924-133-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4548-141-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4284-145-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4548-156-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1548-157-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4168-170-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1548-171-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2720-179-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4168-183-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5112-191-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2720-195-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4800-203-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5112-207-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1968-216-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4800-221-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1300-229-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1968-233-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3604-244-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1300-245-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3604-256-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4556-257-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\ZGIkUAUA\mWoEcEAo.inf
| MD5 | 1f0f8d8f66f7eb102f11d442aa8854c9 |
| SHA1 | ac58f3c0aeb3338c9ebb1cbeee6e8fd3b4287a3e |
| SHA256 | 3a2a08d12d20b1d1eafa5afe2a2d82d2ccb1d05090d08ec4fab57068134bd1f6 |
| SHA512 | 0f05b9d5d8177fc2c8ac64ad8e493867b6428d89baa4a5adb48a1631888fedbae0630fcccb3a0f1360a8012d5de90e090b0b9a24634e2a8b698d09665bb27f82 |
C:\Users\Admin\tksYgMUw\KkoMAAgM.inf
| MD5 | 768540a9bf356d6881a6c509e0cfcb13 |
| SHA1 | e03b4a30083ddb615e0183bcf1abb63510306f23 |
| SHA256 | 9abbbcfb7c6a571386d634f69454f7317fa213b4cde164863e7670dc1e9e80d4 |
| SHA512 | 307905e18c973cba7278a693b4256a65213f9630e4f79abe329c541bb55695bf4e72d626d3bfc57a0e4185aa288d11fdb4cd5bea73b0a8424dbd1a14cf3a7192 |
memory/3588-267-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4556-271-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1348-279-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3588-280-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4408-289-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1348-288-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4408-297-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4144-304-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2748-308-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4144-316-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2164-317-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2164-325-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1928-327-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1928-336-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4940-338-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4940-345-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4744-346-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4744-354-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3436-356-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3436-365-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5044-366-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5044-374-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WcAK.exe
| MD5 | aa493d581579d56a5f9c52f22a9b4d73 |
| SHA1 | bcb93f82aef04920e6eb707b7b83039b85a5405f |
| SHA256 | 2b8cfe68a89e65f7e5e72acaf2da7e46811a2167dc6874b1c4ee521881bf79f9 |
| SHA512 | 5738af1d66e23b99b5e238d608e7a7b8568b297a23abf8618612d8f3603daca6c3080fa72022bfc76bd8c6fa9a887d9e54d53fdafcc3b3b8bbde645451c7cf6d |
C:\Users\Admin\AppData\Local\Temp\EYYW.exe
| MD5 | 82a0e5e6ed59db8390abb926b169b56a |
| SHA1 | 5a8158b28335849d18e53eef00b08d0dafff61a8 |
| SHA256 | 93eb03c360e0b5eb018808c12759ef2ae70f07fe99372ee23dc9265bd04254b6 |
| SHA512 | c41eb406221b8fe1b171f75ccaafac20d3d4a93d2b5fdb0292e9b698f6ac75273a18179ccf6ab7ec00e81aaa511ba9cdd4af138d6aa45cb38fcb978b1cc09f78 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | e25114446240065d50bde0245cc3898b |
| SHA1 | 34c43eb4869d7d83ef51104ae9f68f82ea9e7a3a |
| SHA256 | 5e0f50876dcde7978f5a6f2fcbc5bb115d467fba86a69df7c82300e8f431761e |
| SHA512 | b7a7aeabafd478d0dc398e9cf4862c06f4cc2b333480a49cd5d801234975e15bbf485c6edd24e45533c2c8907369a3f8aaebad8fc2a8f78f0b891bc4f284f4f9 |
C:\Users\Admin\AppData\Local\Temp\kYgw.exe
| MD5 | d995b9602736ea136cde1787c354f2c7 |
| SHA1 | 7ed6de032ddb4ef2f160e9e1f7cca54f2cb8a08f |
| SHA256 | 8ca0c6d5ebf29436aee94d6b3773f92239bfeb3937b8ffdc1b0cf0edc81cdfe9 |
| SHA512 | fb3e742bca134c10fba605b38dcc41777ab8ef3f9d25b8450c518dadef5e799e0f0e962b9f16606b9b358e730aedaf49a1689658dc096d8cab48f5397de40c6c |
C:\Users\Admin\AppData\Local\Temp\AAUO.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\eUQW.exe
| MD5 | 7f8ac8ccbc710c4f538ffeffed678ec7 |
| SHA1 | 94a87cecdb3ac543eb034d98282bfdf782a8f55c |
| SHA256 | 23c8e31378db4b7c0bad40c75a6f90c7ad97e9b94a7874d0ca69d62463f15e58 |
| SHA512 | 137cfb9715f9235924a388c7f7e0392319fd06f41f3c5a9a6b0baa80455255cf77ba0c149f0b152077f71e557a7ab531dd0a555b7d767d1d0a4f0d1f552c830f |
C:\Users\Admin\AppData\Local\Temp\AQIg.exe
| MD5 | 7b29f81758795b1e17d97f430b40c12c |
| SHA1 | 987bce12d0aa0297ad72373fae6788aa3a602c4a |
| SHA256 | d6b37456dc89724c588eba517ce92b62fd412a90b7a8d2f8b084cdf4d783e864 |
| SHA512 | d5e1cafc9b9679786a2b4d714e803261ffed6ca392c77507de1a675257ec1f221ec1379c46634daa1ffed47f85f8b5587922a0e73598634a5b01e0b28453de6a |
C:\Users\Admin\AppData\Local\Temp\ywQm.exe
| MD5 | 55e0083229a9beebdbe8809f1f914ba5 |
| SHA1 | 1f59c606fa8efb861b8d748f702086fa7212c9a5 |
| SHA256 | 4575d1a1781c241ee32854197e74cc6ba577a7c1b85530a44e9944ac6c6ec0ae |
| SHA512 | c814b200958857e23b4b9771d4f98a48940930a104951a5d32c35c59f34809e483b4a215d8639f41000779fa9cce27c48d6f85a8b337e163c1a8970d7fea8b29 |
C:\Users\Admin\AppData\Local\Temp\cQsG.exe
| MD5 | 5dad204af4412ec1ef0d85c51c3180a5 |
| SHA1 | 57d4437c960999a79e239ebfbdb6ea078794310a |
| SHA256 | 6d9f44a30a81c0511ab19001333c9c7846c180a988a37c8b606f79e25c05a6bf |
| SHA512 | e25abe4f9aefa166a3115f70fde0688f3299582cc362e7ca66a9230e1c19e7899d2796c56307671253b863277c8549fc81d4a2ebd8a6f3d2881b42848f4327ea |
C:\Users\Admin\AppData\Local\Temp\ikgA.exe
| MD5 | 67febb52a1716cb065d3a7d29ed2cec0 |
| SHA1 | 3469a89faf2110013817535bf1d7e62dc02c6842 |
| SHA256 | a81b5300c2ebf54b5893187d432ec5735f5edcada8656c07be0b6d20f5f36403 |
| SHA512 | ead66788bd5204174a51cc893cf26a3ec4b5df99597b502be3c77174a8bce3ba6d698b3110ae92d5e075049de1f2399813c812fd171a63cc5b62fa9b766095cb |
C:\Users\Admin\AppData\Local\Temp\YgES.exe
| MD5 | 30c5a2fbaed315dbd51db075013f31a4 |
| SHA1 | 1f285d0a2eb6142134ded7b45bc19e234245d523 |
| SHA256 | 642897425a97ff3cd57b6ab01270885b387e88288c2f8e37adf5573def30a645 |
| SHA512 | 8c1a4bcf8e0578577d7ec4893e2e1d9aef3016ff14c36d6a33078b59279a0750d8ee58d13f68c84a6c2706aae8ce557eb1dd35f6e1f272a5e5b89ff0d69a105d |
C:\Users\Admin\AppData\Local\Temp\MIIS.exe
| MD5 | 479337aa0b8c2cdb1e8a08df3fd1ff04 |
| SHA1 | 447fe9cc7f4f6b51d1df1cd713664f8583af766a |
| SHA256 | 3b6f6ac23776ed11680eb7d95e77a401ad0b43c9c45c497c1807d99f91e56704 |
| SHA512 | e6d95cadbcc5271a1b0378da506efe4be3ba7573940535adf49d90c151647f6b430c3e277945040f4ffb6b252be415da6634cebed9a6a2f4d32bdd6f82c952c5 |
C:\Users\Admin\AppData\Local\Temp\ywwY.exe
| MD5 | 2026fabd541e0c75c46d0fa2e05303fb |
| SHA1 | 681907b65f439d7c5e7e7d68c179a3386fa4113e |
| SHA256 | 12623101bb7b30c22186f8f4c9bd2a1b2eb876ac486ad1b2f9354c3ccd0744d3 |
| SHA512 | 031f353d51cb1467cedeab8d43d027e6712730ac59073f8d780d7a12a01c46c07238c4b13f3bd86ee1984828e9872f7b954810eca833f8dbf86ce3358d813b60 |
C:\Users\Admin\AppData\Local\Temp\Oksg.exe
| MD5 | c1b63bb59a4c203234f11b74825b03eb |
| SHA1 | f6357ca3f9d7b69ce6610f825696eaa9b1d560e0 |
| SHA256 | 2df6baf2b031cc445e643ac44bb607db5e2df63fba1ed927bc1ebea27b4052fd |
| SHA512 | 9232144e690e0197615fdd51cbc5fa266d689c6eeb3c31655263dc6f87079d392ad50f400e27551c1ebedc410df15835a65dc59ba9251c36a1e4e4fe74df1991 |
C:\Users\Admin\AppData\Local\Temp\MYsK.exe
| MD5 | 2b58e51e6b2126328b471f2eb0508ca7 |
| SHA1 | c861ea9326fe3598b9225b6c912c2dee519b4397 |
| SHA256 | caabeda4bd7d65e9d8d5da8c8d3a757a44eb5960d3646ba4ede167e4da660b50 |
| SHA512 | a1a7d7bcad185bc487a55ec3110a14808533a887f8fa14b3ea69c4cfbae803949a02fc852192a9c6b436672712b3d4e3f3194f470512580a62949f8b550ccb81 |
C:\Users\Admin\AppData\Local\Temp\EQQY.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\sUIe.exe
| MD5 | a94cbcc237ed3652fe6116c7b076898a |
| SHA1 | a01c41d188a4fd73037792ead0595549174c2292 |
| SHA256 | 2661910dcc18bb8c91135af9855172603d1bb3403fa31a95e2e55cb06867f151 |
| SHA512 | 575ed9de2f5b066407dc812f55bca21cbccbadbd096eb2c484ecb27131178627cc68a6ac815cec7db206f252bdd4a78c73debc406fc89c100c9bf0a4797742c8 |
C:\Users\Admin\AppData\Local\Temp\IwUO.exe
| MD5 | 56c33af05bb6d6da07f9e656eee2a7ba |
| SHA1 | 957e4744950f7516bac48ab22d40c74a20002a65 |
| SHA256 | 0978bf55755a136171ff5b27175e77a698ca28e706f1b20415b8764fd4b32ebb |
| SHA512 | f0fef850ab8ca09831245884875a89bf54b8b1bc0e7aae2a921db337fc92c3162df55dec55a96e0a96af32b85dbea3407a115de12564a9472f0c4b975455890b |
C:\Users\Admin\AppData\Local\Temp\IQAg.exe
| MD5 | 88923fbd8368b61e5fea098165aaba63 |
| SHA1 | b225cc016dc6434209e69776b397710bfdf4399e |
| SHA256 | 90c1fe17b05bfb4043276ca352e6f7625385c61823012f089dad5816a6d40679 |
| SHA512 | 0aa58ceec856cdece7cf0a79286202d08e0186d64aca8dfc7c2247a31c336fff1ce0ed0048b2139960ba304aef8f1cbf07bfb2752d9c1084e1abcab718820045 |
C:\Users\Admin\AppData\Local\Temp\Wwkm.exe
| MD5 | 398c280120ad79b50c1ff7d390a2d862 |
| SHA1 | 6529104de7514e107987cebfadb0fdeb548e2700 |
| SHA256 | fae15f19509e7a54f4a700d9f6ba9b7f287fb2204860b821132c463baaf00176 |
| SHA512 | 6c4d309e397b046975fbab7e1e88445719520190f6700256b2682def64a79bd464e70af5cd1e1d85ea26691ae54ee2870e5ed70337bd9d6624f921dcee087714 |
C:\Users\Admin\AppData\Local\Temp\ecsU.exe
| MD5 | 154c5e8d155d57ee42503b4f96cd4c6c |
| SHA1 | 3586e1efdf23ce8fcce62e02926cbe5989180972 |
| SHA256 | 7bcc9c47a1f1e6627d34b223c8fe960bc1c59e65afb70d4557a4dc91f8573da1 |
| SHA512 | dcc8568bfca18b9e75581aa56e505d63cd43d0ebbfad3b59f16a3c33be64d2fca44256b7d222b8b8eeacf036afc7fc79815c18ff029c65307cc0740f8a59ef68 |
C:\Users\Admin\AppData\Local\Temp\Ekwy.exe
| MD5 | 0d17fba14442c0354f181399e9973771 |
| SHA1 | 2d8ab77d8ce2a1ddd891598689a378088b09f732 |
| SHA256 | 35ee74aaaad1e2c85619d44a797969099bb3d5c537397b7f99ac79296f4b9134 |
| SHA512 | d5b11be92d362160b2ccdb4c495f0e115ea1760157a2bf1960af4b1100d63257ca2fdd147d958c6b3e5d2de41ac43ceccd298ac405a159aa324641f9d97d9ea7 |
C:\Users\Admin\AppData\Local\Temp\MoMc.exe
| MD5 | 9a136e7f475e78132dba638febe412fb |
| SHA1 | 006030ba047bbc22ce3edbfd3e1755ec7e7f87e0 |
| SHA256 | 3c0720d8988d3ba01e10888390a3bb152de854b3e216416fa1999283e57d62f7 |
| SHA512 | 4d019093d5b7799001bea1fe0f644096434cf633bf4244400d570ff041fd87404924159daa44af7731931250e491a5fe2d6561d8edf7b978603371f16a2a32e5 |
C:\Users\Admin\AppData\Local\Temp\IEAw.exe
| MD5 | 373a46655dd62cc4d599a70aae8a8b3a |
| SHA1 | b23b7a87805d44dc7d8bd1b2c76d1f8434660cbf |
| SHA256 | a55bd15cbe5fef73261b078fae6247055c6d58059add52365aa296c656e22936 |
| SHA512 | 2cdf5fb0973687c2b654d43c78fa127ce94257a4002a0428f9f9c694301c9b08efbf5ab6d680134aa7309fd09a10b7f1615a95a9b7038bd80270ef1a7a915def |
C:\Users\Admin\AppData\Local\Temp\SswW.exe
| MD5 | 39e5600db3ed39b7467a7c61e788d3ed |
| SHA1 | 016f6b35ed2fd4d7e2520952e8f121bec0a5d8ca |
| SHA256 | 1cfd5afc5a914423e1e8e41113038f284b062f13847c99087aac5ebb83314f59 |
| SHA512 | fd3bb8dd5263babf3eea78594750a76175d320540ea759a5fa188ded5877b92568447c05f5954ad9c00c7cad4e6e184283af1dc97d0f3566051eb90b8fdc102f |
C:\Users\Admin\AppData\Local\Temp\OIoo.exe
| MD5 | a1d6225ac3bf3b9f60a4dc2a975efc0c |
| SHA1 | 354ef6acfbfd77cdf49e309402324933101de5b4 |
| SHA256 | 88d18049db3d917c9db82efcb0b2aafb3ec516c2a1df0086b975b63e34ec6842 |
| SHA512 | fd698860716fbc04a30c08013ab5304c757dcb17f5db4341bb73bc6ad19d968f75b2bb113cadbf196dda919a3c6999fcad244c07d45b81ca712591882ece27c7 |
C:\Users\Admin\AppData\Local\Temp\CYIc.exe
| MD5 | c1605cea24b6c189a2d4aed135df1284 |
| SHA1 | d3b835b6155fbc85bd939dadae5e7a2c364d9dcb |
| SHA256 | 15a1ecdd899f6c87bafe768e71118afb1747155e970c4b6b0a97917c495380b7 |
| SHA512 | 0d4a43c7c54e164721ba371a9d72b045ce08224f4c96e4ad5da0f1b961937c052fbec312ad6edde0130baf8d86cc02a74c220674eae998dd7be0ccf89f0ab2c2 |
C:\Users\Admin\AppData\Local\Temp\csAe.exe
| MD5 | 8de6fda890c312d6cdb4bda3dd765027 |
| SHA1 | b09a801efd9237994f6576589fe07624337f90a2 |
| SHA256 | b9c98375f120c12102eb5cc683763a60b60f1902bc9bf5c82cecff3788cd5a44 |
| SHA512 | 0d66273ae1a2e48bfa16e19039ce26950824d008d5486f6d2052ff3d7f1060f55ffefe527674a9b381f840cf9cd8eddc98cef8310c2460dc2bd11dc8cd5c5a2c |
C:\Users\Admin\AppData\Local\Temp\uIwM.exe
| MD5 | a02c52c511b3ea781e272594a5097a18 |
| SHA1 | 373b4d81ebd6b3b398f7e30f7827557b845f99d2 |
| SHA256 | d710ce4cd9620264a24e74284092dc38796f8682f083d7e6020cad44c4764869 |
| SHA512 | 9a7a7893290f6980974d633f19aef13838c205237ca3fb26843653de04e392f5cc3370d1d75e408c90e41cea9336bbc2b380ba9c0330833f989fd5f5580de93e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
| MD5 | 0022dcb7a2738fe3d73d0de30f2322a5 |
| SHA1 | 448b5cebb7c001c1560fbce92ae64bf0f6e97b35 |
| SHA256 | 845821d029bbdcf2a9008c3c1f9ce6ecf0ff0df088a296e9ebe5a77ca5178fd2 |
| SHA512 | 67254527eae725673d724e5f38c96875dea6772efe0207c03eb3a49c7155d21dbe9cb60cfae54d206efd044dd2cf1a467a01ed40116e66307b32efab71c1f292 |
C:\Users\Admin\AppData\Local\Temp\iIAs.exe
| MD5 | d1d571baf75bb0a09b89984ac480eab3 |
| SHA1 | 50fcb7c3321d8cd92805b4412323445f2967cbe6 |
| SHA256 | 0598490a00aebb9ccfad2eb634991be2b55561455a72faeb785c52752d4df964 |
| SHA512 | 873148b9216fb0d9d616b7f3d6861059dcc6e898f3eb0898fa99bc3ed4304b8fc1e7ed53710290516b7189a68fd47ac5ffaf68630b25901c1834eab612d7593e |
C:\Users\Admin\AppData\Local\Temp\MAUu.exe
| MD5 | 4ca064da83df954ef546b1278ea50574 |
| SHA1 | 64e8e695e0b052143740658a18ea1cb99518736c |
| SHA256 | 95c4f4d44553c668e41d46e6189590bbe1624819e984a318bfe6806c316b620b |
| SHA512 | 3d1c60ce716f001729328ec381989d15dbdb2de4da44083beb3b044c27bfcfff863c384e60390168c116095297deb4fb3aef73a16b170beb9c03902f5aebf626 |
C:\Users\Admin\AppData\Local\Temp\CcoE.exe
| MD5 | 7e966e27c4270ece982a1e6bfb5128a1 |
| SHA1 | add6fa68dc2516cb14ac3edc6001808351b4930b |
| SHA256 | 6c1470c301e03d679db479bc4632b8c8d8c1215a4580e2fc4a97f68f997a8d59 |
| SHA512 | 6d85386bd0bb361ea616755b95ceedf94276f31aab781ae77399ed00ba7edf093fe6008c9efce4c2eb259a08b81fc41abe8ae6f01bf5a67cf3a40c9b3315f564 |
C:\Users\Admin\AppData\Local\Temp\GQIK.exe
| MD5 | 914619b1a5545651d5fd8f7bdfbef71f |
| SHA1 | 9af0d1e0a8013d8cca03c19db4e84f3e898e5eaf |
| SHA256 | f1da4842b58f94919f31d3dc0424ee344602a9f5c13feff55127be86e3f81ebb |
| SHA512 | 6501841a27d4ad5005e522754d314779e8b4dc2de8f975cc071451d0ec334fcc86c82c4108e81bf799e65b6eb8794dd291d3b56c2aad0a9c0dd7aa11f406e7b4 |
C:\Users\Admin\AppData\Local\Temp\sQAE.exe
| MD5 | cb4968ba8dcdb742c98fa6ac67595452 |
| SHA1 | c51f408ae1f0876c82619cfe051b158a7794b8c2 |
| SHA256 | 67c15bbe24772c34aa96aa7cf9198a0f1e087e553b2d36582d95dc6c40a849c1 |
| SHA512 | 42337a8b213f43d7a73c4cdf4012a7ab1eccd7eeb3760e090a818ab2f819f13bce09e8819db0dd6a5bbd0c35f5b6ed22b35bdea13279f733e4d0448fe8740952 |
C:\Users\Admin\AppData\Local\Temp\OgYg.exe
| MD5 | 6d0b58bcf2849354064ba7c369c4f651 |
| SHA1 | afc9beee454c31458f92c56620910b056dd5c52c |
| SHA256 | ad520aa6353b87f0f21eb2690af21d176d6a042d0044bccf9336d208db0d8712 |
| SHA512 | 71a48cb41e93435f2f43ec05dd6bede7f33107c3cd3ee5328f8504c28dfb158021c03192b7df0984572a3ede1cf2d3500cfe91805b1c0bc5c5121dac83151b60 |
C:\Users\Admin\AppData\Local\Temp\CcUY.exe
| MD5 | 6d4f0418395f930d9e58376946a1cdcb |
| SHA1 | 6c8d195e7007fcd26dd4b8a9d412b99d94b9e72f |
| SHA256 | 2050203ddafb4a5ea578db88da6b34011ac256c686be516cf31b38c93fd8ae95 |
| SHA512 | f9f5c22a060069345650bed3f861130eacdea3e033c0b2f5f3f6d2893d9bc3884255e950ead8198f4cd7e2435b8d02d2b2930536970092d0eb52f517aaccd202 |
C:\Users\Admin\AppData\Local\Temp\uMwU.exe
| MD5 | 471dae549aefc455af65ced8857585a0 |
| SHA1 | 0ab1d032f4f0adf1fc0b7bc5673e71454b0c8014 |
| SHA256 | 7768b0af5bdebbe6730a6a3ad60bef2fa97d8f57b8d04bcf914daefab4ae9739 |
| SHA512 | f12421cb2d97a43a1ddfb81b52b89b6a23c0df8fc5150af60c335ac47ec4c6eacce92d8fb179955d645fed552f561908b9ed3e087aa740a422cc29b76b0cc99e |
C:\Users\Admin\AppData\Local\Temp\IMso.exe
| MD5 | 9cfcef38d1a226eae9eb3c9c0ee685df |
| SHA1 | c77816e8d9dcb75e5c0d0f172af47facb5e7a815 |
| SHA256 | 1a76ee4a336e15478704af6bbef3c4dd0cb85c193b842e35ae6fec0f5605580b |
| SHA512 | 7894dec2d3c32a9a54368e84a0417eecef134fd142ede8220a9cd1a27cb5adbbc9e2bef85b8ab4eafd4e5dd68679e1217ccb838afd3068a4c6d1a2f0d9dd4ef6 |
C:\Users\Admin\AppData\Local\Temp\Wcck.exe
| MD5 | aff10f01a11c5a4c11a64f87d36b588b |
| SHA1 | 658526ed1f138d1d1174c613dc5d898e4cd16022 |
| SHA256 | 7aaac9e424a3d166841aae3e2a9eb8dfc090945b8e4d3f3f0ab5cbdc2519ae61 |
| SHA512 | 16195c8e36c9969573fc63215b25c257e0fa38be0fed9c325e07e0d8b287e825ebeb64ddb5173ab3631614b72b7ad2253763439240618b3f3ed89e1c6c4876ff |
C:\Users\Admin\AppData\Local\Temp\wEkm.exe
| MD5 | 121ca65387b93d245fb58205d715ea40 |
| SHA1 | 2a70a84f021d2ab362c439a07bada32a954ffee9 |
| SHA256 | 5c8b785cca8ed51cdefb42794c58f90e4469e1101edb969a28ece5f4ac2b94e0 |
| SHA512 | 970b1311665106e89e8953e47eaa4e315bca2f53881e61eb1f1ab9a946ffa530441a3b9717e83ecb0a481144a4662fbf77a2afc2e7e80329343833b52834189a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
| MD5 | 9453bff786adc6a99662dea4b08b0979 |
| SHA1 | 33899447f12edf700f8b2126b7703fa584849128 |
| SHA256 | b6c1286750a9749af69747b012dbba74ac71b1127390d63dd3bb4c40482feafe |
| SHA512 | cfd36111a7a94cc08af28df89b59753b3b00a4631d8c73c9830ec2880f4b48e232dd6fdf2f0c7d4f7474de062c5bd69895bb08cd8cdf8f856dbe383faa9d933d |
C:\Users\Admin\AppData\Local\Temp\QcgU.exe
| MD5 | 3a919a70bed7b72cde68ac101f2d6475 |
| SHA1 | 66cfb50b34ebc4e5c4ec0bdb7b4597ccc82c6ae4 |
| SHA256 | ebc880792480452128178c9b782366efcd03cb3740b5b79353aa94fc53cd0069 |
| SHA512 | efba99bddde510aa440415f42fe34459b5d2ad2489e2db1359359cfccdd923f144b677e0aec63b23cf62b1dc31e734906037182677981c9b8360a435ecabf15f |
C:\Users\Admin\AppData\Local\Temp\SUAe.exe
| MD5 | 271c2f40fd9ade1ea2598d274b56aca3 |
| SHA1 | bffb458f77c8d77112537e8db161acea886f622e |
| SHA256 | ea7124274aa26f94b83d661febef4baf04a86411d7de72ececa3f1f411d48bb7 |
| SHA512 | d65b9bcb7d07d7a6e120f53e27ef71fbf897e3175d6fccdbae24bc17dc97c33d2acc3030ff98b10caaed40ea1421e59dcc0d32aff10bb9af4046ec10103ae8ae |
C:\Users\Admin\AppData\Local\Temp\UEkq.exe
| MD5 | ba8f8ec298b622e1f4dea7f67b2bb4ca |
| SHA1 | dcd6b1e451696ed711233ab7734801c4dd8e48e1 |
| SHA256 | 2eb84689d092a43af81acd08ffa21d11aae7ec7754e905409f5a47669b7ee772 |
| SHA512 | f013c823306f6968a62768dac972e7a03bbb5225f7e17690ca42a0b7cdc1a117d8c6148c94a431ba57c0e217099fb9825db10826f9aaa9270b20634eaaf97162 |
C:\Users\Admin\AppData\Local\Temp\qsUs.exe
| MD5 | bb4fa60262967902817c7922061f1998 |
| SHA1 | 41e9704502c8be3d10cc13e72da1a70bb3a8137e |
| SHA256 | f4483e3738cafe7e7da01e65cedc0810ea4f1048716f18bc26a117758757167e |
| SHA512 | 1605489c74b913adb2a07ef674e458ca6e6a8e0e0a2d9c451310f14657d151893a98cee5f0160ca3436d23470cebc1f75065f2a5c6fa6a2d9eda02def62c135b |
C:\Users\Admin\AppData\Local\Temp\IcMo.exe
| MD5 | 67c9db284076f21fc06353d5d5f96b8a |
| SHA1 | 3cdeb45333b3570bf55167aeb0eaeba5fb352be1 |
| SHA256 | 9b4f9371011a2c9d9d492486014637a786235af8d6d2e7771b5c9cdfe23164a3 |
| SHA512 | 76df597e0cb0290e8747d75581dc9ecf97af3b1b56398b8d8884987cbac3b72395fac761e8ff6e5ec830d56105987a2852627fac233bae5552090dfc40b54440 |
C:\Users\Admin\AppData\Local\Temp\uMEO.exe
| MD5 | 5b8245488f33480e73aa7bd121b188a9 |
| SHA1 | 1f01eef077106cc9279b54d50116f2273589946e |
| SHA256 | 59b2c50579a60fe5082d7bad977a98063239a153ea79a1d79d00418826ef624d |
| SHA512 | 2d24cd8cdafcb42ca25854911fdfd224dbfd615fabb85b18e1a25cda76cbb52909a6025bd6513e5c2375facb2efcee30b07d387b96008fffe20d5cb1d28787a5 |
C:\Users\Admin\AppData\Local\Temp\WMkY.exe
| MD5 | b884b0a9a88ef4f2d02766113d6134b9 |
| SHA1 | 301c1bb43df87bac3c4c775b00b51145f4ea997c |
| SHA256 | d6aa7dbb15567ed2b14f388e67bc5c34a0216ffaf68a43194a73e23c0a402a30 |
| SHA512 | 418f7c28c8b0662bb53da97571bb15ca576f27fd9dd36f45174a99ff61cba05572fea6f57068b4cf1b887709caa863929651baad81eb6da18c83d4948153b618 |
C:\Users\Admin\AppData\Local\Temp\Gwoa.exe
| MD5 | d09f01d44cd0f7f4773fa14d4854e8e3 |
| SHA1 | ccb381123d3bebb82daba44601163d84b0bb613a |
| SHA256 | 0763af7321d07e081cf31e89f5e9771cb1886999a8d144811a9fcd12fd267ee8 |
| SHA512 | b174d012010dd43242b543222a60b0105d0e0ea669a2c826ea8d7df9d59f79e3232ff50859210035128e30a81d5e323c5cd78b7b764e4159d947189c55d8e0f0 |
C:\Users\Admin\AppData\Local\Temp\EAgu.exe
| MD5 | 5ec6146c2eb15d7fadb2e991e062f794 |
| SHA1 | b311dfef9ccd649861ff46f1e3c41b96eb7c01e1 |
| SHA256 | ff0e2f388a8b49b88deb503be4d5eb88b06746b8d2b5fa7e0b279404e5c808ae |
| SHA512 | 2b5e4809b82c1a6fd88ee8b555fc888108ba1a3ed191b676fa567ae3d7b6e4313ddc81b444e99a56f2134ac0d49ea746e7e89f9f28aa4a24f8d3f7fc68e0d9f8 |
C:\Users\Admin\AppData\Local\Temp\sQUE.exe
| MD5 | ff8fa7f79665f72e309b0a468bbffb4c |
| SHA1 | e408d8b588528a9ce0e3a7824fa6645692214445 |
| SHA256 | 689c00338dfc4b39b7962270fee2c2292f8b2bd96a63d0760668e0a9a18e9c5d |
| SHA512 | c68f600f9673921a3e90765436db49cb8a328b8e6073889c0137372827e2c2d4492748e0b14f8a9efc188296ea36d20ff51b68043294e5ceae94841d16fe1909 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | 7214c51909f34505b6c0942bd20e6716 |
| SHA1 | 5b0493f7b22e53fdaa0a2af520606aaf7a899fe4 |
| SHA256 | 5595e74716470b571401688d95636c5d210e385c83e9304240b0da3fdf556530 |
| SHA512 | c0ee48de8c2c412fa7eed5e39ff6b6f34cd31fee393f2a44ebb23920e7c4450b777bb051972c06d76a6d3987aa6fb23337c2460b009cf64558ef46c002b2922c |
C:\Users\Admin\AppData\Local\Temp\uEoM.exe
| MD5 | 0ae8b484713f3c26b48d26a09ff3c01c |
| SHA1 | ef43ff58fbfa6a1fc78efdf68b43c7490ed1e2e0 |
| SHA256 | 3df105f8e270ca0de9267303b4d4158d81aec67741305e24f7e4529116716ae7 |
| SHA512 | 9bb36cb81ba55cac4e8ecd211201eb65825fe39a6f757b57e30893a38f45c4c0f1fa86a48b2042d73d28b35263d2111d593130e09dea85a904618662a6654975 |
C:\Users\Admin\AppData\Local\Temp\Iwsq.exe
| MD5 | 4488784a11cb88568f017b5e40c5ae6d |
| SHA1 | 17fa6d5dd14b8109682e1fb1a6c79d8a8251ff63 |
| SHA256 | 8a34b21973ec23433661af2c63151e7fb102370fc594d06a133590b4c7759b5d |
| SHA512 | d69499fd301ae20c03f24965ca6c3efaa698c0adb5a6fe483ce20261c874be824794f250d3c0057285e29be75902505e4706cff46ccbe9ecd91fa3e0a414a178 |
C:\Users\Admin\AppData\Local\Temp\uUgC.exe
| MD5 | 21752f13c06561864a899cc1a37caac4 |
| SHA1 | 9014363591810c42807e2bae57d6ec4590ea6f40 |
| SHA256 | 5fe73cc75dd88304c3367c92b6a9683c86f119c5a7bea1412c21d107e351f611 |
| SHA512 | 45c983e9a4b9aff22a419ea88fd449120d90f9073de9e963b1568be311c7ce7c6764b69fd12c43a34ad9e5e7906380a40657ba2bd5e5a7a09c843435dc2199e8 |
C:\Users\Admin\AppData\Local\Temp\cMYO.exe
| MD5 | 5b59f1e8e7c084f8aefd33c5740530ed |
| SHA1 | 94b8785c3886d0f537ba0e43b88f908b16f18007 |
| SHA256 | 0ab924640b3dd8b892f5f340e780b23952704ff27f8a7f40bfb1d16cdef7fa83 |
| SHA512 | 9ee21f155b4050821a651c1dd05840b8d8bec95e012f24ebdf025e863e91d0d88f7cfa79e3556c7b952ace91a3093e547af8f18202c99da7bc14f1f59b087951 |
C:\Users\Admin\AppData\Local\Temp\aYAC.exe
| MD5 | 8783af936af2af971b8f220a5fd6e966 |
| SHA1 | 470c048acf5dff21f9cf016368cb7b4a5885b1b6 |
| SHA256 | 5e7a5ec4f17ab642cdb3d6e147b81132974231485c70a8564d181c9dcb749512 |
| SHA512 | e920d1d32596e25a953e67206ab0cfcf24dd8d49c59bdb69ce848fa461f3666a904cc3b29028c0658d53502677eac34f8b9cb5d33527807a7577a7da4df3a7e7 |
C:\Users\Admin\AppData\Local\Temp\EoAc.exe
| MD5 | 8e4e564fa4e5738bdb685c7aa4d211f5 |
| SHA1 | d3c688d2feb888fd94ef40f6a624a61ae5d0eed1 |
| SHA256 | 319496d5c5964220cca7903423fcf7dab2e7e6b77d4fb7320656e226db04f4e0 |
| SHA512 | fa60742c99a5bebdac78f1751e1dbfd90d77ed44e869f57b468652a7a6becd583b6d38b405bb8a3eac78c6884cfae4fea2a02f34acc9dc37b4e3ae9df7cc9004 |
C:\Users\Admin\AppData\Local\Temp\mYYM.exe
| MD5 | 0a8d83736149b4b85a883d8134cc1a1a |
| SHA1 | 810e02e954b4f84bb8f6ac21fd55d68592a5c910 |
| SHA256 | a2a306d24375bc9d627acd13f753e4bc68334b6eb12d51c70fc00b7aaf29672b |
| SHA512 | b302708ac303e02df2dd4a916fdf1073a79c20a07e1af26ee9a3a6e7e84d6774b6fca5cb46a29a2909a6acd927e4d4e10fc035746e5d961b9639d881042d4233 |
C:\Users\Admin\AppData\Local\Temp\icAy.exe
| MD5 | 557888d5f75f01d5470e40d814894073 |
| SHA1 | ee77b0d718e252d1b680905665862999f3f41680 |
| SHA256 | e2c6013c51028a90540149925c7f98eb0c1c13e96fa1162fe132fd31d795a761 |
| SHA512 | 8b9e9f6617d28b596d5cac538a6a375fa48af7284cd3de05aacbddf94401b727aab6dbfca9576bb70dd6ae6aba59df5d410c5ab9e5e06d0b1818b12fffa9e5ab |
C:\Users\Admin\AppData\Local\Temp\uIge.exe
| MD5 | 7b00a7bc66f7d4e7a55c7608a94f8795 |
| SHA1 | 6fa7b7a8ee46edc5393af61e008ab9dda2d9fff7 |
| SHA256 | de71d6ad118008908d5021dc1b3c7ef05455c7315c84456c74a81cefab3bffd9 |
| SHA512 | 14857739ec659b1bfd14ad57c6f777f38c638e596aee01e76ca422d7ff6e0e2f06d837c0830909c42dd2ae31482beaa53899d8d04760ea603f1848194697e21d |
C:\Users\Admin\AppData\Local\Temp\AgMA.exe
| MD5 | 78d5d0686be62518f25748c9522f11d6 |
| SHA1 | 8b26a7a11bf41458a2851e18e2ede8a332b3c429 |
| SHA256 | 36b5411de8c43a6b4a9b9054f373a5a6033df2d537784992679bed7bc8fd67ac |
| SHA512 | 66da2e606be652df802e431930af932952623313fced92266c9c39cd4cd419ebf58b83806172938f86bbdf245f2f4eef5040d004b6155ef20589579bc6bb73c8 |
C:\Users\Admin\AppData\Local\Temp\QsEM.exe
| MD5 | be231bb6fe6ec834eb02d92b274589f7 |
| SHA1 | 49980ee245ddfe061eb50fa0a6bef0e859e07356 |
| SHA256 | 8b313011b4891fc78450e91d247e92408556922d5fbda7f16a29289e6448be92 |
| SHA512 | a986b1aaf2595c5e043af0a1652399a5b00c13f0ab6a52cd642841770d308987c0e355bbbe1f95590e8fdc353c5466531e370ae011a277b7224bef9e420b2970 |
C:\Users\Admin\AppData\Local\Temp\yEMW.exe
| MD5 | 44818c701ec0654e2a9e7ad77ea550a2 |
| SHA1 | 985b2ed553629be90602c27fafd41ca9859c1831 |
| SHA256 | 1039af094ee3b4c26cc72845f2f260ff2ccd0f916bf9636d45549a6e1ba89915 |
| SHA512 | 55d5083d4bfbd34de525b53d3ce0759f24907e84aa221b319ffca9cedccf7616c5d25a3c5b8edad191fc2db1ffea63cb9a98c87bfa45a752d14613aff367657a |
C:\Users\Admin\AppData\Local\Temp\GcAG.exe
| MD5 | db88c9b98e41770a61e3b65453fa3f85 |
| SHA1 | 39025e6c315c51bb01a1082290143a4cfc1ac2b1 |
| SHA256 | f2289db230fb0ad55c66c645b1aab3fbfbef7b6cc4d6b8387f93c5076b7bbccd |
| SHA512 | 4a64317a46d9f9655843bef87b03ade686ab063e0415971cbaf4b9404ca957f7247dfda6c32f1c5f37ab6f9d5881a74a4af79a4d90da6637a2b8f027629cd35e |
C:\Users\Admin\AppData\Local\Temp\AoMC.exe
| MD5 | 86abab8d2a0c6fca7520d9092714e5c1 |
| SHA1 | 2b98384acb5b4dcbe6174b148747dd40d7502ce2 |
| SHA256 | adbe923792619b4e8a48fd1692c25ad193c4d4f2c64ee3a7a7b54d9c21828a11 |
| SHA512 | 0c5668a8796dc8d6f54538e17fa64d650799bbdf34d3dc824888f17e7a8152c4d11c25c166584b6813dca7f5a0b93410ad46a7ae639b29bbacf0cb91be7f78eb |
C:\Users\Admin\AppData\Local\Temp\QsYI.exe
| MD5 | 69b845472c751aefd43c613ab3c196a7 |
| SHA1 | 5bf3cf8d01006bb1cb3c869f61a7698629616472 |
| SHA256 | 88d8ed6338a227f1e32001e933784eb9148ff075a28c74fde8c773a32aaed313 |
| SHA512 | 9daff4f1f9f7759d7fce66e73e0e37d66c28f2abca2eea5dec790875dbe7890811e24195608780a7353340ea19836e8fec63bf714d1dafcfec3262d3971cd400 |
C:\Users\Admin\AppData\Local\Temp\AMoC.exe
| MD5 | 07dd67d9668d90db516fac6d5df83798 |
| SHA1 | b4bfdc0a020eeafe584764f0936b72942a4090c4 |
| SHA256 | 11a3059c3bbcb2e3908dbe7e467c5b118420423c6b811b7c351ac44f5ac421aa |
| SHA512 | 9d19f063035e1101429407cf3bf1be3936a8c64135e60272df0f38333740ee86d2f278e0d2d2db15d46c65bd312e11d7172a32c6617ac1ec3b053cde6bb2dd7e |
C:\Users\Admin\AppData\Local\Temp\uYYQ.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\SMoY.exe
| MD5 | b04dc062bb872abec6e1aca8a0e2860c |
| SHA1 | cfacfa3be959c0fb5f9b220a6d8a0c18871799a7 |
| SHA256 | f38261a8b90d261fb9ab010da7af55bb274bc740a6eae3fa2afde00e581bbc28 |
| SHA512 | 2cecded18b6f0292502f1d3e2bf3a1df14edfdafe8421fe65f3b12c0c9d1e1c2e2e0a62db316ba8091b8663b4f0eff3bcd7d3bf6d385572eb33abfffbc8d8aed |
C:\Users\Admin\AppData\Local\Temp\MMoC.exe
| MD5 | 3de218d53b1cede741871510928cba33 |
| SHA1 | 07db132c3a90f3414f5afc17863619890142cae8 |
| SHA256 | d0da5579eaf99b26b96c1f5478cc5557fc01fce5536a725cf3de59ac1dad6b87 |
| SHA512 | a8842be3453e8364e013f708e3c28ab496ec4185c976c05e1083bab24073d2f88ac28b422a40af3f12794a88a0e628cd0bf854f9daa73bd7cea56903dbc10ec4 |
C:\Users\Admin\AppData\Local\Temp\oEUy.exe
| MD5 | 07fcc586f4db3c70cd2b6c1ef4751541 |
| SHA1 | f2836e4b8cd69cd1bfd3ac9be0b0aa62082ade55 |
| SHA256 | 7ea57d7b3ad1efce8a7b454775453ec94d7bde55cb7a266c0eb6413fd64d554a |
| SHA512 | 668998089fe57b379a11e1c0120cc25233c0fb824026516dd7bddbe43f0977153d2220090d7a88cc4da1f20c92164f79e19f599d039c4c9f53ac30995f2f2fe0 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | d6a9d34ac5926992d0835828d0c9552f |
| SHA1 | 3538e09f7d5102bed9b0138a003fdd257e115e89 |
| SHA256 | 9ebce4c774302b7467d42bd3f43b3c766b796474fa6e176b631457604120fe44 |
| SHA512 | 577851cedee9564b22ea23b15be053eb27abacaa84fbe5479064c0a206a2f7de12432ba4ae0cf778f8e2167c7889ccee2f9669895024e106104a99f86d9e24b6 |
C:\Users\Admin\AppData\Local\Temp\KkMs.exe
| MD5 | c24f1512b09783c8347fc06c3cda78d4 |
| SHA1 | 3ea8823248a8d2a43af9acc3ecea6c5357af93f1 |
| SHA256 | f58de92816b5fee954355d23b6ec471f1ed6a6eaa79eb7c7fee9d72a6197f821 |
| SHA512 | d685220c034edb9f440105bb2feba9696fdd65100859db482e2ef5794f48f557b71266626bb9db85735f751e65a9597ac5c6fca16ec98d13471308ac5b9cd414 |
C:\Users\Admin\AppData\Local\Temp\ScUs.exe
| MD5 | 57253f52c258148fdb8e6e878f91f53d |
| SHA1 | 30fde2e46dfc8b4536d37ba6a8230a9d2177bd3b |
| SHA256 | 3673eb51d881138ab37a8bee85ee2d3cfe1caa9cfff97832d842fda558a2f4c3 |
| SHA512 | 1ec7ac37f12d8655204005d224d4a90b0fedf684886ec67608c730275f60a2646b043a42f86412e949613ed9de5fa9df54f49397bd90b95920ef4823e124ebc2 |
C:\Users\Admin\AppData\Local\Temp\egsM.exe
| MD5 | 2f2eee8fa1efbc6518d18470927cba25 |
| SHA1 | 674294c9fd09f880fdcddab3df78e1d73b021c4e |
| SHA256 | 756be0cd30d1055e84a5fc2c5cf63098ed4a11b9622f26f0c91c891abf8751d3 |
| SHA512 | 6850d753639bd21421baea58efb1dee4da55ca88adb50f7e224b77a0dce004727616c0df70a4241294564587366a389c3bd8e51630ed3b1e3512fd5eaf70b8f2 |
C:\Users\Admin\AppData\Local\Temp\IgAQ.exe
| MD5 | 8a6f48dd973cad8a9c6874e94b071cc2 |
| SHA1 | 9c62888c03fc083905d3b4438bb49fe3d4c62bf8 |
| SHA256 | fb189bece1d7badfce49f71e7fbeebae5da7fe1fbb463d33a5d804a77c23fa9a |
| SHA512 | f5cc1bfeb631ff9b8edd841aeedeaedc69e8482fa6d47ce5b5fa82cfd5b315816804454f86ab5889ecb9b38c3c5a65732e8267bf422fc1d99b60637ecc37dab3 |
C:\Users\Admin\AppData\Local\Temp\wwgU.exe
| MD5 | 7a6edef5b451f4f6a81a01565dc73c9e |
| SHA1 | 15da73dc6e0b7cda7fe8d9efc7be22d5f0af7f96 |
| SHA256 | e9735ace5b542b0aacbb9b781fb76204f45ce6e4309a7f65c0e6be856507f41c |
| SHA512 | 53c967c93d59642bb5d72f7f3563d0726e8a3c477e8a006cd221a7ec8b01c3277d8c495a0eda9250249a0e0f87b8d585115b4cfdc394bc0b36401c3036b21e6a |
C:\Users\Admin\AppData\Local\Temp\QQcM.exe
| MD5 | 9e08a0d9531c5e056228b7128d8eb5ce |
| SHA1 | 8d35de0893a9dccb3b0e574b25539496445dc7c5 |
| SHA256 | ec06f8a2104c652ff4a6422ec48f60151c5f6a858bc94bd06f4ebd72740f3866 |
| SHA512 | bb74b12959fa0ce4a162d077e51f28c3a8eda8ebf9092852b485ea1272f77ded865cfb50b82398f6aed29e41b94e7bba7b8ce549d69fc1029aa42b5faa6963e3 |
C:\Users\Admin\AppData\Local\Temp\Ygkk.exe
| MD5 | a90584179dd1bce0139253d8a0ae93a4 |
| SHA1 | b899ac14b562a0263eea0ebcff82d4df2b5f4838 |
| SHA256 | 524fad70dfa154baa493f4e1345edaeb15d4971ac4dbcfe33027a2290159a5b5 |
| SHA512 | 950174df4dde5833644c3876172d16d4cc089847def6ec65342f0cc0c8a85f218f31bd4985e46cd50aa8181608c494a49de04431043c6b81be392167554d9c39 |
C:\Users\Admin\AppData\Local\Temp\UEYU.exe
| MD5 | 66a54cfeab28115c1fd349ebfa7980e4 |
| SHA1 | df53c10a0e863f8eeac64be60f1ac560f537a8d9 |
| SHA256 | 205a6a2414307e7c356beb797828d7c0f913a23291ac9e06e8473b1bacf58ec4 |
| SHA512 | 2747ce9eec39ab9cb9aa14464111f32b0d881741d33ee4a57e6d1ec6ba235dac5c792ba86f515826d6a1bfd3fbd6c32184b50fd39872cda535e9ac265d86afea |
C:\Users\Admin\AppData\Local\Temp\kUQs.exe
| MD5 | 9221981ed4a67ec38d004a21c97a6cfa |
| SHA1 | 64274f7bc3f6108f973e48d5e6e4f9123697b626 |
| SHA256 | 2a4501d39dd3c80ab94e0e9dd7d262388da0998197633b03ceb5409491079f09 |
| SHA512 | 68129483f7aba7fb9cdf72663ea258a3fdcc3e1650f9a1f9f7db84fac25970a2111b1ac1d62376734cd6fb8f10da0d41159f1412c04b8a6e1f747c75e5b01a2e |
C:\Users\Admin\AppData\Local\Temp\Iksq.exe
| MD5 | 337d823d70d59c57ca37233e621e4dbd |
| SHA1 | 6c8849d95535dd935c434fe28d7d7380402ef850 |
| SHA256 | 222055a0a48a1bc98f5fb4452b97a9af64cab26a297b5948a656736b0f1cdfe9 |
| SHA512 | a57e798b92bb3f7f9a418d86f2e0450ab49ea3a49c4e84dae47b4cacd1b8fe704045e954f706602d8c3ed576243e7ebe58f2f3ef07dea705b5fa904bad974744 |
C:\Users\Admin\AppData\Local\Temp\mEkm.exe
| MD5 | ca017fb2bf144d1ce4ee4d0c5634d062 |
| SHA1 | 35578aeb54e700fba822822e22b291a41ceff03a |
| SHA256 | 0f4c1fddfcb512ca5217e100a56e1278173b2d20ce00ea7d7ae589ffad741746 |
| SHA512 | 20c895b6c39e52e395f21b450e7bf36e679c22b9a7f7c480c6eddb6030e84f5f35f6f0c705c7f802b01c317bf7d0783a204c48d56275ecd99361ee566a3b6fae |
C:\Users\Admin\AppData\Local\Temp\kooA.exe
| MD5 | a9afaeeba47a964662127549c9f5caa5 |
| SHA1 | 1d18446ce4ad2d33727e487f7ee9d5bc1888f019 |
| SHA256 | 233a98ce278f947f5a058052a32d8e579d84073d91671296eb3d5d6887aecbca |
| SHA512 | 9f21dd0a41b9e5e117ee1dcee7efcc6d753a4733d0ce6d4dce5f86fe4835343b4a43c1e4ec657ba7b82de59d4cd9e7c5ad82be991dfb387f6782e680fda751eb |
C:\Users\Admin\AppData\Local\Temp\iAkq.exe
| MD5 | 809d6811f94e3414511c2f61deb729db |
| SHA1 | 83171dcb6051befea73df6e08e199e7b5798db0e |
| SHA256 | 514b2f791922d15c56cd7b1de806204dd0856081bffe776b1a1a778e4122c6f2 |
| SHA512 | f4e849ee4665ce747c8f7d457a5a7fe765c5b6e26ca9844dd82daecc543cc707a227e6b6581c0660a16f5cf5bc4ea2ac1361cb2eb0738ab0a4d07b482ae4ca04 |
C:\Users\Admin\AppData\Local\Temp\UssM.exe
| MD5 | fd4cafc49539e4f77f930d53ab61b40e |
| SHA1 | 7d096a09afc77ea227df8f99d62bfbdbdf814ac6 |
| SHA256 | 96ba3f3b5404f7540048c77ed68e4e81abcb719f149443f7e93944f75eb589f8 |
| SHA512 | f91118294ac9118a29370ecbc7945984e5b1bfe86f87e8ed141135d5328ccac8443286d1a35fb161296062bef6f4861a4818c1959bb795a7bbcca37859139e15 |
C:\Users\Admin\AppData\Local\Temp\yocG.exe
| MD5 | 332e93088f8f1c885ba94815ac7bab6e |
| SHA1 | e4ac393b3f0e2c74980f2747bbe85430bdd9c9c6 |
| SHA256 | f893cdb81560e0f4d740f172d6ed4c24aca2d13aa7d9e11ac7ce59f39bb98452 |
| SHA512 | b054c48cd66576798826624b3dccbe5d9b3debc2413e6288de93bcd85e326622068aee1ed8f56bfd78fa93fc0abfb77e70c49c723fdf0e21da60abb0d98e3e9d |
C:\Users\Admin\AppData\Local\Temp\wcgI.exe
| MD5 | 817ce4741ef1eb7ab02ea64546fa36a3 |
| SHA1 | 1f2c84d3e039f5d5d1984bd54e28ca25498d655d |
| SHA256 | 505d5ee993628b18dfb33423d86f0791781ee507f67cd919e44f00e7c4ba873a |
| SHA512 | d42cdc2aec76825bed32f31bdd51d310e8e992892b5262458e23ff14f01f3c35841fa483ad54770d3c589e4d6745738279059d6d8d07e10f6a5b197b7439e1f6 |
C:\Users\Admin\AppData\Local\Temp\IQMk.ico
| MD5 | c7fffc3e71c7197b5f9daaea510aac10 |
| SHA1 | 23262fb8038c093ac32d6a34effbede5de5e880d |
| SHA256 | 71254090503179540435a1283d04301f3d5ba48855ae8c361d4ac86e3abd2865 |
| SHA512 | c3cefdb76a9fc74299a7042096a549e019db3f2cf79e81deeabab2f3ebf2bbc9f2924a84cbbbc4848a4bf84cc3a0886c6c738c6bb37c9140dfc57f1f797e9c1c |
C:\Users\Admin\AppData\Local\Temp\qIIA.exe
| MD5 | 5e201bcce7112afd4154f5ac6ba6ef7e |
| SHA1 | d11a481bb52f42c00067c224f62228c7b5bf41b9 |
| SHA256 | eab12050371e9526cfa0ffb965a4118a76926c442899eca1320c6fc07bc032c5 |
| SHA512 | 780b678fe4808a2503ce387f342ba19543d905c4ac274d83d7810990cfd6d52616d2d1badfe7791314e717bb3b070b3e530c83bbb16b335cec80488c8abddb0d |
C:\Users\Admin\AppData\Local\Temp\mMEg.exe
| MD5 | 08a40691683b4075bc532de0591cf3fc |
| SHA1 | 82340ded8d7f7ca1aac763201812c4352043d52c |
| SHA256 | 7e126c493efc1ddd702087169d654403ac3a072e73c89acf26b2c62db6f1c5c5 |
| SHA512 | cd9a0c0fd26001e63be618b6d04163b5012bf74490572a5741b05e07745d8812ee3b0707f71443fdacf620cf858584d187975c1eae8edd5e41f366fcb0d2f3f2 |
C:\Users\Admin\AppData\Local\Temp\kQcI.exe
| MD5 | 0cfa5cfee5c5a3ef3022d7b26fba3642 |
| SHA1 | a8c841ed3c27aff81f1bf43e7c6dd1a9bc9c57f2 |
| SHA256 | 1f9918b5008102e75bf1662536436c10b8804803183660b0c3889a12cdc69892 |
| SHA512 | 0fc6b9691941874e6b50f797906fe34cfc9abc75d32c25a41d4e672e0589cfb1f8af768e66422705cdf21023a26b25685bf801582c6db754bc518d3288a8db90 |
C:\Users\Admin\AppData\Local\Temp\yUwi.exe
| MD5 | 431c73b3167fa5f68113c7d493417f3e |
| SHA1 | ffe194cb4e44b119f75fa36329ec916785925947 |
| SHA256 | 576880ef458b72ead9d4cd9bd95c04afed12e748656b25d9f34f4a722085e577 |
| SHA512 | e19ea0aa388d87cf6cba482ccba2ca787089febee3ecc16e14103265004bb3f04d9aac9cc35b56fe4be0094b11014d27b0eb43d70c7cb853dcc384ba9adb4e86 |
C:\Users\Admin\AppData\Local\Temp\eUgO.exe
| MD5 | 03ecde6687470b9332a33fc7a2f27c21 |
| SHA1 | 7b8b4427337260741188cbc920ab0c61db15d441 |
| SHA256 | 7ff1003c581ef6b0315664a7944a774b602d7f99a91f512da185bad9ad289259 |
| SHA512 | 627c74dfd6daefdf8db23af4e926ec374e1c760cba56f71e09e8d3a7fc4df31b665195e8c7ab70f70aa18a91b8824cddd80c9055f78294159194f12ab622de97 |
C:\Users\Admin\AppData\Local\Temp\YcYs.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\aQMa.exe
| MD5 | 65037b26239b394648fe8c219e037066 |
| SHA1 | 30cf8cb7075f0e6fc8bee053760978c87f3fc1ab |
| SHA256 | 662ed067b8d9c1a3395ff6eb7e4dab1d55dba4c49190d3145b5bb8798728de3c |
| SHA512 | 1a39ea05aac510c8343693c7640dd3d3a597721bbdae2c6f2678a2ba3b6375d575aeff68bde1cbfcd9a6475147b848091e0d1906230f025e84a0f8b5fa3e364e |
C:\Users\Admin\AppData\Local\Temp\yIwu.exe
| MD5 | e1b2cb10c3c8b1fd34dbd79eca71cb74 |
| SHA1 | c86b43128b436b30e19c0842c89b2ceec46adc5a |
| SHA256 | f04c6c653b3ad278cd2e93e52774121df6a1a8ceb1f973d16e1d75695fb40960 |
| SHA512 | 64109d51542cfe6c6c71b67acf85aad0324f4dbed15b942fee1863f515bc615f5913816401796a505c406d6837009237b64f97572dc792d83993d78ad225be32 |
C:\Users\Admin\AppData\Local\Temp\iAcY.exe
| MD5 | bdac4cf7ed5a6fe183bec5d36f86305a |
| SHA1 | 12fd24ea7fcb1bb25690132ddebbad945e4fd180 |
| SHA256 | f891c15ba3f2faeca50023269204c00c91ac12f96dd446c1c91ab3215cad80ae |
| SHA512 | 569e1fe170b4431dcffba9da770870f445ba2aee8d18c0eae7a235a6028174a61103a515afabc4aacb34ff63730b62ba992aa09bf579993abf46310d513711a1 |
C:\Users\Admin\AppData\Local\Temp\sAMq.exe
| MD5 | ca7bcfb4dd619e4aee3a4262f4b0c121 |
| SHA1 | 25e616c9a3c065bf96131c9c2cd4ce67065a0c0e |
| SHA256 | 6ae3ce31542e555d097a81569ebc1f9cb3c5f1317ef211ae41ff13cb51dcee1e |
| SHA512 | c426e757e8ed5711296b0d1e55ee53536131387dfa37853c6e26df0deb93e7783ca07990df6af7d3f3ee423089d8634ca6509ba3a8ba820fd523245d6b3f3278 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 2eedd865a1fcc05d749a3c54964c409e |
| SHA1 | acb8019af96885c202c5e0b4d8de531d0b68109a |
| SHA256 | 28f8fc08941c4ebb7286175c02929d9347baac884e3d91a312f49d228ea49536 |
| SHA512 | c7ba318fa279cf8b5cbb33af4a6c0f7ed8ec736f23cc791b2c092c9802204852d5f136c872de0d2e6baa0460db2f316673a012d16074c9489d58995d06f0c832 |
C:\Users\Admin\AppData\Local\Temp\mYUA.exe
| MD5 | 74e730e100cc7cf2ba72a93af7332d70 |
| SHA1 | 32b48cc13cc9ccf8dc78bab3f9b898500cc10aa7 |
| SHA256 | 1e402c52db699fae47c7cbe472b5d02a6eb23ecc27d0c0091a65ebcbb5e44b05 |
| SHA512 | 39728c8c4e4c3ac445d0968edae7f843f9d262f0033b7b5fea5c4fc243c9be32b0e284b977eb666d6aeb5f5d902abdac24708f4a49abd6e0fd73366081c9181b |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | ab7d6111b5e0f10fa9cefcd47d6b429d |
| SHA1 | 1c3c9e8d814c5df96ebe960e6c7b8e36b6da9e80 |
| SHA256 | 914a4925f3b792c7f6147bdefa87175b4fa6f782431a5f4fdc061af935ff1863 |
| SHA512 | a1b62a9542762c37e89b0aaf6f9642dd1050c171188e5f02467e116b10cde1aba2dcc7901cfecb7d2265442165150a1aa64784b69e7a701a6ebbe64e153c1d99 |
C:\Users\Admin\AppData\Local\Temp\Mcku.exe
| MD5 | 41586d12b5def4c74bb318cabc5bbafa |
| SHA1 | 8233ad39100e40f5d3f63c1e168d68a7047ac6ac |
| SHA256 | 78530cf26234be3b66d9eec39e9941d11fb78a0c1365edf7979934b82aed5eec |
| SHA512 | 3ac1fe15f80b7e0d3f2a2bfd54963e20c502a7ea5463b70ffc53a1fded43b9ab3bc8f153cdcbfdfa7051f9a677b8d067f104b99b1dc036b8c90851d8a1773cdc |
C:\Users\Admin\Pictures\OpenWatch.jpg.exe
| MD5 | 9e79ed1b76eb2fb6e80d6f9269c5a65c |
| SHA1 | 66d141d88ffcd6af822d17613a09829d3daa7c2f |
| SHA256 | 19c5d47a63e8f405aee86e640aa118a51b15c0523b0e0420c950976cecdb1964 |
| SHA512 | 6898738ab32e3d33d74b2a1bd089a28a338c6870405a842adb2e4624fa3345043c43ea743a9521e025852c0417becc373f75cf7c4565b733f0c79d1b5e617bcb |
C:\Users\Admin\AppData\Local\Temp\KIQQ.exe
| MD5 | 752ed4204ca02158dda2751b87bfe451 |
| SHA1 | a250da1b120378abc4646547a0412dd37cff2333 |
| SHA256 | bd999ef0677bf4815fdc5b94e83fa848e1121b7029df3dc12502606acefa41d9 |
| SHA512 | 09f58bc88a808f7a56cc82644277aaebad80d56a3f3f581db21be21f8fcded1e34e29658cee3b7b1ec44149123876d4b0625c45d48b677c954e40c4e9139c55b |
C:\Users\Admin\AppData\Local\Temp\KQEe.exe
| MD5 | 12a0c33bf96506852067dab9074cdcd2 |
| SHA1 | 5f6d62d1309134f9834fc9769ba5754d408579a8 |
| SHA256 | 2a3ec0595605eb7307ec9feb0d34e9e80139920be334cdda7e16b00ece04cc45 |
| SHA512 | 14db864058d8ebecf98d4769ab2032f7b6d95cd7b1eec58d04cad7f565addd7d3a4e30659007bc6335b386a94ac03a93149bef3c425b01a605c79dd8958dd7c2 |
C:\Users\Admin\AppData\Local\Temp\gUQg.exe
| MD5 | 8cf28023b7c4f2e0298dcd5bceb6c3f3 |
| SHA1 | c8e06cff4b7f00e54ba004518bbdbb06807a8efb |
| SHA256 | 49dbfd75b07d057800b5085445a6ac4be4c436a88a46eec58b421b7ca4814139 |
| SHA512 | 9451c7b533fa05eb58873ec9306623c74ff19ca99f099cbc9f70aaa3e77715c4ad248888fbe43dd9dc37c9ce4de338b4e1968288929b99d59c194df012423c02 |
C:\Users\Admin\AppData\Local\Temp\MwAm.exe
| MD5 | f4b7e2b046da0b45b19ab5994c0b25b2 |
| SHA1 | d568ceb007b30ceecb7faa4bf3aefaaee43c4334 |
| SHA256 | 1f540a873e91f6c166a5e00f4bd4c4fa7ea69df20d700c78e27358aaa01ef582 |
| SHA512 | 35d943b14c5088f0e38e7943f5361410ea2e075f3248b1ba43988e593469c7e6a031b8b38f872b372d8cb2a202cce1a174f8316a26df32c5ce033e51f1959629 |