Analysis Overview
SHA256
91c0b5030b319793a7ec551dcdd9859ddb32e399b042db90ff11fc71d108a48e
Threat Level: Known bad
The file 2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock was found to be: Known bad.
Malicious Activity Summary
Kinsing
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (80) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Deletes itself
Adds Run key to start application
Checks whether UAC is enabled
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:37
Reported
2024-01-25 17:40
Platform
win7-20231215-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Control Panel\International\Geo\Nation | C:\ProgramData\GUcYAwQs\DKoIAYIw.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\bYEYkAUA\NgMccEAo.exe | N/A |
| N/A | N/A | C:\ProgramData\GUcYAwQs\DKoIAYIw.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\NgMccEAo.exe = "C:\\Users\\Admin\\bYEYkAUA\\NgMccEAo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DKoIAYIw.exe = "C:\\ProgramData\\GUcYAwQs\\DKoIAYIw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\NgMccEAo.exe = "C:\\Users\\Admin\\bYEYkAUA\\NgMccEAo.exe" | C:\Users\Admin\bYEYkAUA\NgMccEAo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DKoIAYIw.exe = "C:\\ProgramData\\GUcYAwQs\\DKoIAYIw.exe" | C:\ProgramData\GUcYAwQs\DKoIAYIw.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\GUcYAwQs\DKoIAYIw.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe"
C:\Users\Admin\bYEYkAUA\NgMccEAo.exe
"C:\Users\Admin\bYEYkAUA\NgMccEAo.exe"
C:\ProgramData\GUcYAwQs\DKoIAYIw.exe
"C:\ProgramData\GUcYAwQs\DKoIAYIw.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zAoQUQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cCUUkEEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CKswMMIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\deksYcgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CuYgAQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\noMIYAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOwIEckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\haEAkYQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1952500770-1321879593-461084620-725921287-13888639214089867371818726384-1960750020"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FIMwgcQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-64220645021214872271347414253725423500-559227278320523117-8030999621040184860"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pCoUMIkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1479271381586108198-62671666520480109021012858620-415145732-7766866171153408726"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EMcEAQkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-47871712-778632472169035436282585269418878024002105967983-1762236526640350754"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fIIgQQkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1902896264396233328463291321-1962459218935255241561853396-157524142842245812"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6448299931463210161-1009692710-1689260393-1417520638-17659667401584996645-1293108188"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "387275362618583152-8481661861418199474-266150737-1392033915993106759333838642"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REwEYEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "908828006-708037052-1249240235824136110-1325707984-2137745751-23152455366260545"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1456728357169056691595276407-1988474086-559263290-4928500141416249552-344251247"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eOYgMkUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sKsAwEco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oMkEAkQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "716726011-27433214619236715921224428411437977141735441228-18411253451306078974"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fKkAsIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkUgAkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iqwkUkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-950228755-13592073011490241697-28730201417767491808394112071986457918-801148760"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "162605204-984277181-12162675711788754954400414382-686282397-19915751721335727294"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JuUgEIMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oiEgcoYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tCMgcEEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19318172002986086531616716312561182451775210077-5748815952143094453957766659"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1375139616271837417109684120911411562741396406148-477325923794869406-1388872648"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PSkowUQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkAIsAcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1269192041-943291399872256849638108230-2019626051-1169839896-13386282311289214218"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BcooEIsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1590199076-11184235462079356286-31677373-21174682451748183287655974825-359047587"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AuIAMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11595258858127812326132355-2034403451-7455428792033014385744282480-31684475"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zoEAkEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1108523960798033734-661446110147745870-1861991096-17454343021501766283-311309957"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CWUwMEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1463619514-108341206-698705710-1487855861170554287542553435-301322308-1440686090"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkIIocAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1365962795-395710330594526829-1281681042721207809-78048728-845893132-2009712911"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1162459095-1995005628278130969-1883771196-590676543186620237-1960660725-993890229"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kqQkUQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1572854793-6975011755275308091281586340-866907987-1168502454-8587537491493041487"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1139199376-751480312194825673311363083011614779863-1235038737-1984672206-1425488451"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VYgIkgwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-997878498718384191644750398-1643704584-779129417-13019819041581131675-1860263257"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DIkQEsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-28855755688673714512243387061350832845368072093-17414367651307351197-1727656562"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgAkwIkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UoMcckIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7093429422059572032-9978026881707808336111616068-2088983204-679749944-1440462700"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14431276501751026225-1968041801-119859298-235477718984852456-82261329679099527"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-601149151-20587151161568116918635386931377782534-1973429058-1769834496-587692273"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGEwEsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2029590555-14580498721931643965-220543125-1889984442-525887593-1187264823998851826"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-164983365418951161291710074906801927794379188425-1291220133-1791046858-1670414375"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REIgocgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jcAgcwsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14975094409616844020938070551168725606-524258174335898151435506061695570048"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kQUcQAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "353885522445345741-13185772672130629539102889232210834834317442641572110151771"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KyAEcowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dKskgcgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1174506080-136628287910087607763824677191327948047450651812-479086740790173796"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1805026214-172531079139414398-273006745-1202569236-759486783-115108016-105316746"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yWgsUUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UigsMkUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fOUsEsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1250050466871604773-1150427417-2116752472-687136724-186378482911198946501105473663"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UsokoQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1799036456-165498226716382192171357565317-1999767982-17241072059218630-1292368343"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "432252302-915582659-2015716240-1326315275-726308364-382813603151966361180810590"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\igsMkIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1400425082457588548-531617183479672780-17402153241812746103470088296-1010889583"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEMsYkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-21414527201909795752-116222784115586300561717181941836197257-1773831300-141165833"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GQswQYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mOYQUAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10649618441863969573-591353327-3177758436658032-1157116302-14324269941428506784"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\duQEMwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcMAIIAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1920920847-12516130801877645091915023546254195289-106325760-525485450-1936911481"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1479890373-523349439-1694475777-1755109760-134836732506356659-2131494142-1058905089"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "50913372414003782477849769684801135361411269435-8430671877311679421014316822"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sMMEIMcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WewoEgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qCsYIQQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6351386411337741464-1666600566-2087492495-1550778906-199463618110470791401963366478"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "415374202393421819-511675763-14816345452013678952210302576553153802-1527986590"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZksMAQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "965989040-530798791-807239022714256294-994343023-1026524562-18048289541629654064"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1294531100-16894162171521594858-844954743134091796311197860471133207352-2061767618"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-481989697-107376638610459302301490360222-523582951936114920-352126195-531032377"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAoQQUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xqQsIAsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZKccsUcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-88774345314039785321619038102-18286176221841918097-1939309303-1444128070653037006"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1784585411-145767415014186643051016711371611852004148149052-1953007552-1234991716"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgkcUMog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "119696803-1584728467507982819599242181244912264-486836043-852760481-44047034"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BeMgUkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JgQkEAgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CyEsUwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LaIcccAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "226119869-328361567-1241988081-487660532-18252175951499379534-1643253163-126607927"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bqAgQUAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kawosoUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQgUwskg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EsEwswww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1036471153696991314-12807260711050622783850424939-9746464081780317865-1828011214"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oyAwMAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "309995788-7254774232046923504-45668924521341170141400213946-291321417-1659906623"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\goUkcQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uqAgIYMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1932376475440481077-1763973361979023965-774480942-620739019942201856125549780"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13867327012144005421444665971-659782664-701819763237102129-162200344-286103028"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EWUUwIQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1253155719-888031582406564444-58538248-665076238941997864-83057692433842380"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1956159302-585540550-1846276771-979778995172123691-376189058-389312445-1066092705"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GYUkQsYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12065473344791574331677003792438668284681177065-1067151684-1522202501-602810261"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-147762248249543047068595989014040271611609940343-2013900551-1294646801-3480688"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UqkYsoIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MgsoYQMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "332118164-4721966861283959442921577633-1372353726-1259248264-1806880214-1573810342"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13592861152038675785380594049-1627103380-1552957208-1558415786-9392262071524987131"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ReoQsIIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1305125338-1185470076205999462413119141614717525911120838783-30961554-1289451134"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-686257963-1435287505-17218569582132440207-16340402431281011648-260716632-1837573541"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1510800534-12706308527510698915518332271660008583-1872880825-929986450-1226449986"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pEUgIcwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "79233235657652193418301679021273189251-2062944279455398655986897279486525801"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fegIwQMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1996815485-1735296888871295141-5635557931775692905-474871969-2001409511-1380266739"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-886785284-17627935042324729467355413642092455281518141055-376829506-110757239"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KYkgAIAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "546490661814631098-1825544982159468818461031856828687237-3055072531371902594"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgwgMogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1015993723548020822-159494603913836319176100303561466453435-589209857-2085097185"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RYUAAIII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "558700845-1023591604-1524444040-10728837112055362669-666618691-1265281362-1164558635"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10044762912095805388-809737382-612778849-146050286218092712469080644681816670871"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-90579027-515689281-203320290362365319-792971771-43264133873398658604777521"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "963080724-157243441467503809-12624864347470792547962942-18675563631334926582"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NEQIIgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-451984990306441783-1647111631-21197376-1730821323152178175215886719831679149578"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1866112725-15260492801226773674-6123626493598482384978951081614592954335621899"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10960098961786493706-784807084-490336669210077337453169638108121905779716181"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gUEMwgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12783447131579683879-389894845-1878818635737384101599233802-999360765662346782"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-79314146-1412261301608101908-1433879319692670746-211904343917118031341128970400"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGMgkYoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5743492201444823946-115995898-1589612931-112622834418261694512146148885-599935284"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1614909881-506383830838716600-2041477529637122627-2551224491124271487-1901660270"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vswgUAkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VCcQoksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "877142120268156917-2445863002002493108-20179068537393879211160777673-1371223680"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1536874781-1230980082-237074292-1089125528105905234454144239113557146602017719845"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-849440601461846048316049792-475197658-4271284572129592693-1349687650-2097925052"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGsAEcMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1529470145134476043-342795929-1291688758-775575477-1216389270-1764162130-194915833"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1395646630-1951787833-480806943321724536-1170516879-509950005-250739567-1201454777"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "219222438805216957414109488-1067154353-147079511-2061331486-16153297381979020159"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3040628398829990874793482201793510489-211019793-26151566910949839481034035532"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "838697505134788252-18670790761090855226-323044828746745636-1729762241-2105433318"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mYcgggEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19946764111256632926-16376378677640095761083502130563211741-1325993073-1158882908"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GcYMUUEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1252143903-1940258450-1253416390-4963174571237976011-1386956252-119844147-1509460942"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\loYkoEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1695387779-18674514381492038998399064201-1327493130-1827145937121067593-1521771988"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-72116879015778763482127811743-1523617062-806183134-2039922519890190671446311045"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZgUwoAoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "713209546-5244462871261675141-786378482-9129322795499192411004158039-627544842"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "757248298-170807956816524800-1107647426502134166-141396023737859626126262456"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kCEMQoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1084032731-1072684921689356299842900854-614935518-13270069101794150858-1981328306"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-900170893-17949946905422879884435771731748586274210503276782708718-1076073454"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "700944418-1763492773-299289469-1006948904006865228691466063543584191094942591"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "637645454-93533561956872985-1756189398770213851399077963-185607552809631782"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yaYEoAso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1028984357442664344556712614-503577548-903878734944250451611408844975594991"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14297584424231358301574284868402921447589343581874486226-1541974347-866302608"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10459179771090881441-1885396742-508557286211465504912902285973525660841792547873"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NoIcEccU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1015728975-13066777451343420339-20133014683120519021948904338-1379779705562721736"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "394761393142228183579373326-1712763363-1149513071671411793-966498431906236306"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17980339749521157274480315781570402967-6759383301502592355-1403663896-1015474118"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cOYcUEQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6020243311531288420-19102278601251229085759817152-80876948112186822332061025615"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1794053187810781623-263051849-187350476822751951072980702-1684001483-1380784749"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2050540155-98299963512940735141805916361-1490084733285260912-1942619091-33971022"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "535820771860480578-691409413773270-134156958-1765560947-1203495101-57995431"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6980723901849891601794404291-14757845341344121470-20954221501898246537-1864504517"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RgEAkwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "912905395-338818144-571233723-717156222-1273478531-502136620-663167714490341038"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5264985206971431191263633249647889239-1497159530-1295719716199270693089136427"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5274442541008989147-5427136351606433703-10981270381015167619790561258-1282673175"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-662491301537589520182460136620136631781106956463-8159227661036161572-1561008924"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgUAgUso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-508612351434942817-1450502618-4009532021488023867-1015546536-169325267-1824824288"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HMAgsoAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1682859139-289371168-2031444241-1540533344-355263792-1394288603-2044600895-328799256"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20287202305009604221914594462-1645831523112764910613206684422513396-1411243528"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lUAgoEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "127124797320875011871638461535-17165997292076891021-108920840-417815498-590073700"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1472032837-22023869214503801691838514764-1899509432989602937-722941163692773941"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rEIEMUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2436-0-0x0000000000400000-0x0000000000438000-memory.dmp
\Users\Admin\bYEYkAUA\NgMccEAo.exe
| MD5 | c14aedeaf9b51e5e22e08447a5d7a7a6 |
| SHA1 | 022cc5a431901257492926a53e8ef8685a60f739 |
| SHA256 | 7a577124cc231a5a78ffd93a8215239d801e172a15db32373d1cd6a1335bd05e |
| SHA512 | ca9f72f865f9f68035edced8b6b23a0e4ee39e4102c7f89169220e92e315437b7d6f1fb8a9527ef2d2e441a3dad8fe942689904670a970f6a05365f0bef7ca03 |
memory/2436-12-0x00000000004A0000-0x00000000004D0000-memory.dmp
memory/2436-13-0x00000000004A0000-0x00000000004D0000-memory.dmp
\ProgramData\GUcYAwQs\DKoIAYIw.exe
| MD5 | 7fe4e3e87770078fd092160b8e92e836 |
| SHA1 | 18437742994392f946144ad98b947b6f01fb1251 |
| SHA256 | bfd33dcaffd8d75a8937039542175437531aa493c50a3f3db3db50f94877c10c |
| SHA512 | 1e066c4cb9e7997a0c477e75e62466c0c891267f3e404b24acfb9ac7a3f41efce6947b24b2d2490fa21fc3ef50206e30233e33b8901e692f347498a3c162bc41 |
memory/3036-14-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2436-29-0x00000000004A0000-0x00000000004D3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vOoogggo.bat
| MD5 | eec02e7bbe44e369ecf1818fd24268cf |
| SHA1 | 22422007d67f32264ce3050714d8d6a1b7f3340b |
| SHA256 | 345287c5a0bd86abf2a61dc7070da65f4d1f134da68b359de6d2cd1509e46743 |
| SHA512 | 1099d7c80c5c628241692a06386b70c5e71c817561eb06b2aafced4dd8cde524e8a8386de941fa31d9a681b5d143c0bd6e9061d6bd742781092f2e6c29b3c4df |
memory/2436-32-0x00000000004A0000-0x00000000004D3000-memory.dmp
memory/2724-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2684-36-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2624-37-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zAoQUQEQ.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2436-46-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2684-45-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kssooIEY.bat
| MD5 | a89dccfce8f678e3f7c587aca9c0ec22 |
| SHA1 | cffd5ac7e54223cf1026ba3f6bcc89258f25d53b |
| SHA256 | 9bff5f3871e02c01553b18cb54c4b392d0b3a4a41d9180393ce32acfda013417 |
| SHA512 | 3b2f10f7e7a19a5034b3762d6ff89493c85dd06ff6f419487fd9378a414443f8620328ebeb7cd3d278f88d41f03598161fae12a2e9ae375743370c3e51bce698 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
| MD5 | e0a80154e2c7c04bdff156ce10733245 |
| SHA1 | 1c79f105e609481391cd58ee99339abd10dc8926 |
| SHA256 | 19a3fe8192c7b0b9062dbd36d0223aa2d4ed15e571e2a16ff5090297b268cc21 |
| SHA512 | 1fe4c9c18322fe7fa2bae34cee82dde8aa1d99bd798fca8486a2a5c857e6c93f645dc0780478a827574cd46492dc61a1b9044cbf8f101305552107f5f4c07e10 |
memory/2624-66-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2908-67-0x0000000000160000-0x0000000000198000-memory.dmp
memory/2884-70-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2908-69-0x0000000000160000-0x0000000000198000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\JeMcscMw.bat
| MD5 | bbdba7f344f723d22b5c90c500ca643f |
| SHA1 | 3fca97eecb1d6a2af66c882963c113543f85a71f |
| SHA256 | d3201ae7cb77459882a16290c9a43403bc4cbe2f1668c048db44709e5ceb3025 |
| SHA512 | 6df3ebf90e8bd0993962290c6a934fd9f9aac34bc342529b2fb32d067263936ff01670e7bfe74b2d635e095f129e1677987ea52d543c5916d311a6d9b54aed2c |
memory/2884-93-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1484-85-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2396-83-0x00000000000F0000-0x0000000000128000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\xawQooMA.bat
| MD5 | 2a9ad15d83a727a9e5516f493c5c8113 |
| SHA1 | 68b3a99ed2dfe5f3ca57daaa1b009c6dcb0cebd0 |
| SHA256 | 452ae5208c5ad76e1c6e41847b2816c1760502b63899a250bd81068af311c2aa |
| SHA512 | 27908d1caaaf7e816236dd18832a72b69319d573fc33550f14d745843baa1fa95ef1859b10205b2270cc7461f45f48a1297f7f2cd63b6b72155cb2029280c3f5 |
memory/2344-106-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2244-118-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xwAMAYMQ.bat
| MD5 | d0380b8b83805b1b095b0334ab06707c |
| SHA1 | d099da21c32a885004e49c93e2c0bf12e0357194 |
| SHA256 | 18fce03440e3e4ca539a4c7f90fc06fff80b9e348fcbf9371800e8a871a6f1de |
| SHA512 | 5ac60737bb5518c2b47a6878b6ccd30440b0375050dc30f2c0ec192826b5e88b0baffbb9c30ae9dfddb9951ded751483bdd2b242a3c33a8f9efc8dcbfc799489 |
memory/1484-117-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2344-108-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1304-133-0x0000000000320000-0x0000000000358000-memory.dmp
memory/2244-141-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1304-142-0x0000000000320000-0x0000000000358000-memory.dmp
memory/2764-143-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hacQwEAQ.bat
| MD5 | ddfb339ff0df0bd82117406a13b6b96f |
| SHA1 | df55ef3b618224bc02ee0caed36b336c3691b479 |
| SHA256 | 38a4819435e43b17e1ed6dd88c72776da34527a811e25384a0321e59cce0492e |
| SHA512 | c2cdcbd11618b1eae68b676c38e4afa77e9948033cae3d3eaa6846f617cbc8664c6a89957421a6373f9acfa0002d669941ade65ee3678a5252b9cdbefbf6cfed |
memory/2764-165-0x0000000000400000-0x0000000000438000-memory.dmp
memory/968-156-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2024-155-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\toIMEsEs.bat
| MD5 | c7dced58a67dfa94b3f6c52e9529e52d |
| SHA1 | ec07ee322ffdfdb9f0db200f9843266570f7bfa3 |
| SHA256 | f9c04dbb033ee60523f4e142f84f076869039b5cb2da96e0d044bd9e4fdd5a34 |
| SHA512 | b10e36c43b08c6b45489302dcc6456141c0dd63bd2f2e09eb7b1c1e9da5e63e3d5915f0e76aef54b8d0fe02c3e7df0ee5236cb71c2aa226f8eaa6fd7a63dacbf |
memory/2748-189-0x0000000000400000-0x0000000000438000-memory.dmp
memory/968-188-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2320-179-0x00000000001F0000-0x0000000000228000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kMMwMcsY.bat
| MD5 | e7c411c63bc77b25656331acdcf18f0a |
| SHA1 | fe534c363acc80bc0e5409588e9d69b55f479459 |
| SHA256 | f9cfd6326b489f6624e3f06296777cb96a97ddd18e6c72dfd0f3952877240afb |
| SHA512 | 641289165481c5c81f669cafc0118183eff51e113096de16547339a825312b76fc4f8e67c29ceaab1bceef5d9059db027cb39c8f5d75d2fec6bbdadd2dddd17a |
memory/2304-212-0x0000000000160000-0x0000000000198000-memory.dmp
memory/2748-211-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2304-213-0x0000000000160000-0x0000000000198000-memory.dmp
memory/1684-215-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PyEEgwok.bat
| MD5 | 0052cdbb22a1766090d39570cda69dc7 |
| SHA1 | 963b03fa31771625311372189896e6353d9378f1 |
| SHA256 | e5cdb9756a6cc25fa46203b3217f4f3ac36b0b56a5427fbee024c3457d2175d1 |
| SHA512 | 62cff580aba29745d214e7f7238e6c0bb4644600461edb5546a0b9f4f1f5251df4a0e98cc2684fca688180055880b9066c0baf57f1f1f0b68d4a21fede5c2d21 |
memory/1692-237-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1684-236-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kaYQkIgs.bat
| MD5 | 58879f74b342aa6fe100d178bf68f86c |
| SHA1 | b9765c7ff85d98cfc8a53891041525cc9869e8fd |
| SHA256 | af6f2103b17a1148e6f8b45aac2a7b7aa70fb0fbfaca362217e7d412a721851a |
| SHA512 | 742acb5ccc91bb5da197653cf91a61bce101902cdb69a475552c831fe3ffbfc8a1aee4edd2f6d2fe7a1874916e5875abc45799d537381ff937ed86ff4a48f81d |
memory/2012-249-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1464-250-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1692-259-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HWccQcYs.bat
| MD5 | 855f4959f89a18a446950f3171ca820e |
| SHA1 | 13cdc7e7b59d1bab6ee28dfe98f66619713e63c7 |
| SHA256 | 76c9798e6bab133c10635690940ed57b3484a4072edd43e1b7844f4593a954cc |
| SHA512 | 7a954589b6814d3b6ebdbb531ea42c946334783373028089c68e90fbf7509eba15941bc3a0f259193b90bdd89f11239247b2eff1599069aa8e873bb37d5a3556 |
memory/1464-281-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2348-284-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2412-283-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KYIcssYg.bat
| MD5 | 9efb18e802a2ad0e2175840a7f8c0d43 |
| SHA1 | d7c1d1a5b98221d902dd0f2605043551533bd53f |
| SHA256 | 2d26c87d278906694b4387eb9d07bdae5112f5a2c665096ea9cf1808f3e0940e |
| SHA512 | dc76fc055b8bf0d1affd5d36887fd22ce00337cc25cb241dcda446e4912558ad1c6e1300f161b7e1d7efcd9e34c1a769cae3195135c5c7b6c25c2a15d1ffd910 |
memory/1600-307-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2348-306-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2180-308-0x0000000000160000-0x0000000000198000-memory.dmp
memory/2180-309-0x0000000000160000-0x0000000000198000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pAYMkUoo.bat
| MD5 | 1fa06db72cc45813916f27d11a23e25e |
| SHA1 | 44a00cd5750e99f6ebaa035f2f53f3fdf4febfa0 |
| SHA256 | c63734f7cfeaecc728630ca7647d3fb923a6c48df2b74a438f5386c6dafa3a0f |
| SHA512 | 531e65cb3d3c4b6d87b7d78b9ced337d884703077bbedbd1cbe7bfb315fec5c0c9a28c8ca228d9c83d79996ac8c0609416c3de8792194441a311adcbc57e79bb |
memory/2880-331-0x0000000000180000-0x00000000001B8000-memory.dmp
memory/2828-332-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1600-330-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZOEcQwQw.bat
| MD5 | 6e07a85562a7dd94447125049ed29f62 |
| SHA1 | 74195f105bc9d3fc173d294fca6f9827f7ec9b20 |
| SHA256 | 8779b2f9d686aa684787ddf7cf338216cc9c420ec01778992c803fce61e01890 |
| SHA512 | 4fe6fc5a0b02ca01902d5a8a209ae891f4fb123971dbc53f53eca99029c69adfd82f501adf8ea38c06b3749536ebe26bd1ea60f34f81b16c4cf79245c3302c22 |
memory/1912-355-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2828-354-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1912-346-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2232-356-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KsMAYYMs.bat
| MD5 | 90b45782ce7a6e3823bab49b18228768 |
| SHA1 | 9bfeaa8f6dd8046b798434dbc75b2bf6373540ef |
| SHA256 | 35124d86b5bc3882787b79e57ba2712327440e3a7a1c91b994eb788fa5519e3b |
| SHA512 | cfd20397668b68fc3b6aaf96f0f3aa2967d2ad41e2b4d8ab22bb03c02d3df1a904798074eb7003566225f653f8fc7b328375cc9b437ea36054f875471405ed65 |
memory/2232-379-0x0000000000400000-0x0000000000438000-memory.dmp
memory/796-381-0x0000000000400000-0x0000000000438000-memory.dmp
memory/796-380-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2328-382-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\keggccYM.bat
| MD5 | a18bcf4e91375e291061e48c79cbbd75 |
| SHA1 | fbc54ec27382da216d9881819b7653f73e0c628b |
| SHA256 | 451412ada97b808b733edda0b2e08b6298a5639ba4bed6e29a4f146db95a2d47 |
| SHA512 | ec74f8e0a91cf68c906b751075a22c05aa971cc23efbf5a436f50105f548251707accd7ce9d515c160a2d956a5e53d44ce4890008a077c7a3a1cc1299dcb881a |
memory/2328-403-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2472-405-0x0000000000400000-0x0000000000438000-memory.dmp
memory/300-404-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GawcsIsg.bat
| MD5 | 2a17fed74e9f2b069399cc68414299e8 |
| SHA1 | 46bc8acbd26b5a5b2e01aa0af86e50fadff2c34a |
| SHA256 | ab83aa31c4c797eafed072f009678e9121cd229e9809f2c953f82d34e4534398 |
| SHA512 | db46ed3bd7a3ba775641fcd1957d68a681c8dd62f6099176930ed46a7606c2c597c56d5474af30472969097901b3c1f999a5ef2d935803bb5aab8d0272d71e11 |
C:\ProgramData\GUcYAwQs\DKoIAYIw.inf
| MD5 | f7177b96b8615aacb6fa83e66c692818 |
| SHA1 | a7a03efc4f48ab9d2f85d7bc32d24c5435004be9 |
| SHA256 | 4961f7d104a8851f6750ed1a2adfbd66d3a6dd18191bd4b0b54119217419aa72 |
| SHA512 | 2f42320c5b88fc07e2771d61a6f74710d71c21335fc5045951ab18cd631f7c886329daba68741a247ee71531de9ac0b9cfaec7ca2fba653cfe89c563cf8245aa |
memory/1036-427-0x00000000001A0000-0x00000000001D8000-memory.dmp
C:\Users\Admin\bYEYkAUA\NgMccEAo.inf
| MD5 | 4fecf058a94f1fd3adc93a4ac536da18 |
| SHA1 | bf1d4caa59980d37c46a7425147af2f0f6d8e686 |
| SHA256 | 2b7376905ae6f4dbbd850845635607becbd38b11d860c1e736a111f2abc18a8a |
| SHA512 | 1fb25fd09628cbc5aa106ba6993c825f2f3a6e1729ebb2c3ece475b8647e1d325e1e7f162b1021048464e269ce5e4a164e061fee77819cc553cad456c4e95e38 |
memory/1036-428-0x00000000001A0000-0x00000000001D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fWkgwoIE.bat
| MD5 | 63155c0cdcc65ed6af15dd2a8b48064b |
| SHA1 | cced75032a6d312049f9f092e9df6da440d383e4 |
| SHA256 | 750aa8f2650597a3364b3f2dc596d721ee41506cd3d90bc2dbf426e5c2ef5235 |
| SHA512 | 3079c451dff4057429bb155aef008f002adced1998f3c95929149b4238c6199eee513eeb1ebdee80aaccee6717064df48dc7a8213503fcb05c44c50a7ec2b195 |
C:\Users\Admin\AppData\Local\Temp\EoscwgYg.bat
| MD5 | 41073f56b77b883c17bd5d1f2465f59c |
| SHA1 | 923cf7e60345dba3ae0b9aed1b2df27c00b31d3b |
| SHA256 | 6a134489a099492c42b54cbdfa87ce2cb1ec46a777d67985a8fe06dd9dfa2ff3 |
| SHA512 | ff99d85e99afb79876425a27dca01fed20a5a2868f84aea49fc5e37ec27facb20dd31b4d0b1616d1a3d4d8c15b0d5be24a5e57cbdedac2da71a1ed15c1eb65ba |
C:\Users\Admin\AppData\Local\Temp\YUUEskYg.bat
| MD5 | 93c404820210b74fc141a219cac3347c |
| SHA1 | 8c555642185924469092f0aee4ea1ccaf543e9ac |
| SHA256 | a6072b80c68a339e42de08bd97aa25c56be8a7d47b36134a9330de7de4d2afd4 |
| SHA512 | 77814f1245c79ead58f75b02743408bbccefb7abd3bc57c9cde3a8a0f9fdccfa47bdc3723998e9fd720fba297945384f025768cc4dcb1439b407674ee6d78ddc |
C:\Users\Admin\AppData\Local\Temp\GyEgMscQ.bat
| MD5 | 6fc0461124161512888762c9259a4258 |
| SHA1 | 1105fbd8166818ea5cd430c16eea2ec19eebf518 |
| SHA256 | 3cced5d6161de367df3bb164b5f62ace3e60363d0abb3687635b547069130b2e |
| SHA512 | 32e65e3c9c51d3ffcf6601fc214bc25c0b3b298ca9a8f6995bf27240a0fc0d3f65a1b27a6634adb7801e55a93b4b9d0003ca98495f62c9e19e52e6be31dca83f |
C:\Users\Admin\AppData\Local\Temp\LesswoYQ.bat
| MD5 | 1cfdf0e8d0c87a228c1f40d9bee7888b |
| SHA1 | 526cb7425ab8d8d55c981974917cba26fab9834e |
| SHA256 | ae5239ec63f28cd401ccd63e9f56e4ede8254a738a135ebcd33e844c18dd247f |
| SHA512 | 98562001733fc78ac1c3632e1f3b722c2e079000088dd153f3f0f2def59a8597ff8a948cfaba9bad8fa7f847fcd9c2bf8497c8d8a0556183fc7604f696c13c91 |
C:\Users\Admin\AppData\Local\Temp\pwAIowoI.bat
| MD5 | 4e6448d6f10ddfa7dd2818d4ac4fbbbc |
| SHA1 | 83ffade4557b9ecc09f752b2f6ebd49f2e3be7ec |
| SHA256 | 51ee317ad10b13f252033a9eeeb16015cc91e08b2959a48b97d770bd0a0ceb01 |
| SHA512 | 2f6836ef38e7b51b38c387ce21203317f208f106ff08ff5e2bda4181c32be7a128b0154aa38d25514dc4d99f595d48c54118ef0ada814cbd37575b2554d7b898 |
C:\Users\Admin\AppData\Local\Temp\rQYQUkEY.bat
| MD5 | 8c4cc12a5ebba644c2aa30e1e14b0bcb |
| SHA1 | 790b7a66a4817a50a9a32da18e76317d00f423f6 |
| SHA256 | 62f28dbe4598c834a83daf0d738ed6df669bfc0f5869321063cb117840f59917 |
| SHA512 | 63a6c58a80d9e16f0305b763e38419c38a98d05cf184980643abf755dccefa144cddccaa9961782820b26c51969ef7491462a0e357795fd80e711950bf43753a |
C:\Users\Admin\AppData\Local\Temp\DsYu.exe
| MD5 | ff77daf578a5abf1d37f707eaff8125b |
| SHA1 | 9f374418740fde367825f45f0ba6f6fe0b2dfcbd |
| SHA256 | d2577fcd3c5ebd05d0c6b401a959b59d2e96311f5221f060f5d2c648ef806f64 |
| SHA512 | deb641b76cbb6f7c6f8a23fe551c2e993dc29a6370b5aab4f2c69ab68f6905dc46d24cacf94e355aa715a063fb307a090b6f63b5f696a87436601c2f2d3013c4 |
C:\Users\Admin\AppData\Local\Temp\MiYEMcgM.bat
| MD5 | 5ec7270890d27b334c45eca986d88b7e |
| SHA1 | 85c95143179cc6faabf42bed8129fc3c2c185b82 |
| SHA256 | e50b16f9ec90aaeccf4a2673bc5fb4a85146262e9ba3092eecaf4f292a8e0442 |
| SHA512 | 86912a39c23440065e3c3fb9aef0a7019750d74e99ec4d498d48ad587d23993f3b091e3836ec457ea5e8dbc62cbd1c69bcb0f3ba13f7884d8255783069618f4a |
C:\Users\Admin\AppData\Local\Temp\LOAEIUYU.bat
| MD5 | 7efc9963ddebc9af9c5b77ba86984df6 |
| SHA1 | 7949376be9c5df9ea5c48e47d788b53850d47145 |
| SHA256 | 3ba6a10b1551ae99717cdadac0d178aad24e7a12f767b3d3a9929872d2cfb681 |
| SHA512 | 5384782c16a42f4a6c6af86e8358d9b6370fe2d128e19841d52c5d0e7599d86fc0f69727bdd5355394b55390355c2b80748fdf7207aa4eccdbd1411642928dd0 |
C:\Users\Admin\AppData\Local\Temp\KmoooMkk.bat
| MD5 | ccd3e2580ef8ff1335d1ddd58da515e9 |
| SHA1 | aa78ad3034a2767b2fa54045b5452654df8556fc |
| SHA256 | a87ba7f5821003d5b9cad5517ee1ef5b99bda5e95b49b17a9d5ecddb10092f13 |
| SHA512 | c45f6349673358c35944bc3622bdde177aa680cb782c09ae9f195d86547e18f8fc720b2201f860d07964e682c6f6e70b158b7d4eb07cb3e12806635f0c77a9ad |
C:\Users\Admin\AppData\Local\Temp\agAgUkgI.bat
| MD5 | 8c340b4e4f7a80b8be61e82319440e2c |
| SHA1 | de59ab2b930adc4ddb6f9e83814fcdf9e47ccf44 |
| SHA256 | 62ba24f8ee56fa7f0493b94bb0869a209baca95a1074076ab17441bd261fbb7c |
| SHA512 | 12cd466e56ce7dfc68915626fe87342426b63ce95c9d5719773280e5dfabc481817b5ce038d5f064101c538326b3b2f6b510e822d197a5236d18da200f419f56 |
C:\Users\Admin\AppData\Local\Temp\OYgMEwsk.bat
| MD5 | 3a3e267fd1bde55bd253078573a72235 |
| SHA1 | 6d9aa3a2d2b222133f6dc1d08439a3b93efc0b4c |
| SHA256 | e1db7dc9ef4040ab09eb14ce53e3db0cb85fda3c68a7542a8981ec589047660c |
| SHA512 | 22d13a29af816a7b5e5e010bf75b8b6caa2153ead7f06e142348da0af90ea97f86a355770d27a88716eb18e48c2dc76c41d1c642029a7f91e6872a79f900a02d |
C:\Users\Admin\AppData\Local\Temp\tackIYgY.bat
| MD5 | f22494ab05be5b9088d11399193ffaef |
| SHA1 | 5de37ce0dbdb405457d0afcf03a68fe1f62cf8c8 |
| SHA256 | a98a567fef8938db2755eaf8ebf93ea5318b58c6ccce684f03bd11a7cecc4020 |
| SHA512 | f02d162fd40c5a9cbbfba03f02cc357859e2d4a49f020a1332302ba9381ceb1eb7834ba5320f5892caab558b7c39c9d8523daa67d3e7f59c93c052edaedf637d |
C:\Users\Admin\AppData\Local\Temp\CgkokUAA.bat
| MD5 | 6d4906f247f21a7b07f4ffdffe47d860 |
| SHA1 | 474a4fa0cc083fad6edd013ee23128ea11bc435f |
| SHA256 | 38c42a9e58f6b5d9148ac9cf680349be168201d4caf52e2db67f3a3a6537d17d |
| SHA512 | 1b1acab81d2b470b5a5a721c3e52cb8e271f97aa5685290a2476778ada203dfbb31e0f70a75cb1be48e13b6784c79509ea904a72e26988f019f20fdc524a1523 |
C:\Users\Admin\AppData\Local\Temp\YGEYsswU.bat
| MD5 | a0c514044147d4ad5aa27e895a2f434a |
| SHA1 | c1393f6746fb158a2a62db9274220b10a7197a1d |
| SHA256 | a14f7d1acbd231028c291598f20af14cdbe7ba2e80f3c8b6393174bd1d4de66b |
| SHA512 | 11bf00956a79cfdb5b6e4e60eba8a3d1560421abe43729a92ca3ffe6c23db178de85d7832c4629c23608fb60df7b63414cc978067f01362323f71982d9f28877 |
C:\Users\Admin\AppData\Local\Temp\VCYIYkgU.bat
| MD5 | 95b0e9eb64953508bca7fe072e9daaf0 |
| SHA1 | f12c22b6597178ea5a4beb38d815333d1a3e1b4f |
| SHA256 | 32fa94141537982663e9369bcddb74fbf1787607a88a3601ecc7501df4e993b6 |
| SHA512 | 27c197de4b304dc48bd38808e5c8b6203f3776ce6770e23c1092bf999bfe50bccc207316c19003844a4127e88dbdcf387d0c17f71da5ba36c4c094cd58d32540 |
C:\Users\Admin\AppData\Local\Temp\GwoUEEEA.bat
| MD5 | 378d67a7f24d48f8727e6b8dc008c8ff |
| SHA1 | 96bf758ff68f415cfd7147a90323d625d403c1e9 |
| SHA256 | 007223149cf507de69a189db6bc0ca35158e151c1b316fe2db3bf5c671373bf3 |
| SHA512 | edcda27de4346dc0698338c01ba56290aa13b431b9dadb823065fa0e2e5d2b9b50844fc056a7d9ba0897ff1e18d8613e9c4ee2abeaa6f23e1e36bf73c9dadf4c |
C:\Users\Admin\AppData\Local\Temp\XgUAQsYE.bat
| MD5 | 914948e9a1b6153f9240256aa8b8e360 |
| SHA1 | a842b92b2a43819dec6a422749b090294f1699e4 |
| SHA256 | ad7b6ba3b7cce9a607dd8af36a9044547b911655f62e3618cac733c12098af01 |
| SHA512 | 04eb7241f6f119687a354d790cfe459030b3396fce2208b77b0ad183cb155061d5ba95e700d1c640bbe000d95b9af0b4a1ad9ed65ef0b8cecad7a220e16c7e3d |
C:\Users\Admin\AppData\Local\Temp\PSkAUwUc.bat
| MD5 | 9b50e9d49fd7d945d5086e34b7862106 |
| SHA1 | c01f9cbc1fd7c6538b4a53d00f51dce7dfc2f046 |
| SHA256 | 44148c592b8bfb0d488a659878d503b864ce4249492dad04969915fe98a7b98b |
| SHA512 | 1fc4580abe7ee9c538176b018fc2a50931d7b1f44c06347ef34668f275fd8b4b052b2ec737c091b88c16b950b911ccfb49c2440a6cd3b97856a88d678b8dfce6 |
C:\Users\Admin\AppData\Local\Temp\HscgQAQE.bat
| MD5 | 02bd792ba8561b6abd391d7308982450 |
| SHA1 | 9a83ec8eec9807a77165aa620045cfe6162136c9 |
| SHA256 | 2ca7967337f1892e02dd75d3c485052b6385a0e017b10aad50006bd16ca7dac8 |
| SHA512 | 8861e1a0386b4f02091267fd41450a9da5fac5e7dba70f8198b336f1595ea5ea8447b08262ad8b14db32f7cd552c0b1af7660e90fd14d7cda0260ab9101de81e |
C:\Users\Admin\AppData\Local\Temp\zoAcgUoc.bat
| MD5 | ab4c67eced99e089ad385a34df3df407 |
| SHA1 | 8c6c613adf12747c5265fff19802fbaf3d80b865 |
| SHA256 | b2b6b9c5553144b48d6c1660241162a860ae307880bf97016a1a5aa0295b57a0 |
| SHA512 | a7d2f4e640b714e89dfef12450727a7fea65e4792fe69b5bb78830d7c5b7544813f330c7dc335cf095e610e39729fbd518a3e68e14c3cb325d9d29f9365a52e7 |
C:\Users\Admin\AppData\Local\Temp\mMocUAAc.bat
| MD5 | 3d79884f39b4c98be4e71e2c94b0977e |
| SHA1 | ac5bbf0e544f97e90a6cf338eafb73269dee3990 |
| SHA256 | 3ad97fd1018ed14fa901953f0190d9b6aa1938f7a0aba8abe7667added741f56 |
| SHA512 | 2fad8c183f8b230d0a1a634c50255be3a7f623f06879d18661e690177d1f9ad7ae93a564ec6f44b1c8d990a72eaa87d532a4e8c0db58887f09f0dd8ac4968309 |
C:\Users\Admin\AppData\Local\Temp\keAcUccM.bat
| MD5 | f03590735a9a2e7c1124a19cbeeed6e8 |
| SHA1 | 95549a4ee57ac5b422d78c562f71c2adadaa211d |
| SHA256 | 7d97095ab7a8fc03f7525aef54174349618f77140d22597c8535cc2f0855104f |
| SHA512 | 7b80eeecd22b6b3744d1ef880188d8cf583ffc7ed94bee3f0890ca40b31e5f291452808d065cf65287e823971a0cf15388cbdfea3c86e5fde721277eb1bdb84d |
C:\Users\Admin\AppData\Local\Temp\OyUgcIgM.bat
| MD5 | a2a4b4bae81fd328ff8da224a6fb1f25 |
| SHA1 | 730167ec0c55edc1ea17ccfde837a9ec85b61cb7 |
| SHA256 | 3af785cf491a3558dd3b912b439745e8769167f1102cb5e3de1e0b4d66607173 |
| SHA512 | 794c677cf1a02406b6563e0df4a2229205e5008a9d616f59eec07675d9e23f08b68d48fdc594ad86f7ca63970fbaf0c236cf2b27b453baebf11d0284e07d93ad |
C:\Users\Admin\AppData\Local\Temp\DIYQQsYc.bat
| MD5 | 6cea5eaa818a17f0927a1b626e060456 |
| SHA1 | 6a86cd0b411c62bff48aec2b1b2613137285e24e |
| SHA256 | 65390abc2ec06bacd70f105e6e47e9df75a63bb151b84f1dd01344ee230fd32a |
| SHA512 | a8e36725693326503617ebdd67bfb6c03cfeaa34bf7d08080bf756035ee57d7682d699d624a1acdf08f5cc323569346772ace8f6282a42f4951028337afa706e |
C:\Users\Admin\AppData\Local\Temp\hOMMsUgY.bat
| MD5 | dabb9206d69fce00a0327f92fd21b31c |
| SHA1 | a511a99f3ae05c13e39f4bb1b38c084fed81cba9 |
| SHA256 | b9df765908a91464561832c051a85bd75b62a9d468ce48d912bd156c76c63efd |
| SHA512 | 71a50137236c5761222c99ea43fef8d801ce62386cada0274b7535f0de4cd051e816dd832f830613131a56fe05c90bbbe2b8347fde31f818f8492cea06478bf0 |
C:\Users\Admin\AppData\Local\Temp\fQoS.exe
| MD5 | c6bea4a45849b32edc87b03460113d8b |
| SHA1 | bf2d7d340b2d3cccc5e51c201f330883a81d37d9 |
| SHA256 | a3f66099be940b83c78a0a1636f212d2a77a61b07806f59b179a4b61b88f4062 |
| SHA512 | dd957fd14d3b7e2348045e8da5b0d3755f18e2b4f5a8b235a0eb1b2de9d1e15ebb2c85fd42c917810dd7a79ab04b472753da96a8261fa3436761e2e903e5a65c |
C:\Users\Admin\AppData\Local\Temp\TwQU.exe
| MD5 | 722e55c95f0dfe6c648ad35e286f8167 |
| SHA1 | 48df31918df835c65b3998e318875adca30f1bb9 |
| SHA256 | 7637c6ca8aae16802344f207ac396302b8376535ae062702fda4b5bcf8938565 |
| SHA512 | 63124897558542663c86a2f88b8465b9090a6014b3743edc56f57c790f3957dc1bff09e527a53f53eddbade04b21948f7f4a6c83b68476fcf80c0753865349c5 |
C:\Users\Admin\AppData\Local\Temp\ugge.exe
| MD5 | 445f49149b359cd7c5cf7a2d1147bede |
| SHA1 | 06cb58f1ecda895b99a3079672dca735b44e6044 |
| SHA256 | 7540bd3a6d61057d970dd7298cb9123cc598d808cc5903fe192c3975da860130 |
| SHA512 | 7da00fb97b5e80004afd1578107b3b979ac30a4bfba86bfa5e760dc92826b9d21a337b70b29d0fe51f8d9ae0d3e6750f5156ab0a0ff975473f7bc34b48c1ae40 |
C:\Users\Admin\AppData\Local\Temp\Iwcw.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\pgYA.exe
| MD5 | 87a6d7cac9f8505b140085db8711d24b |
| SHA1 | 80a7ee7c7058e2f16eb2e82684a7e0a7b27bfe7e |
| SHA256 | 2034d400864b50ad4e4bc6def06391d22a5896ac54bfbd62297f03ca8a8b9e56 |
| SHA512 | 2cbe8ef9c122f755a37407ed8794b0519d25cfa841d400d01aa376e482e7a1eb141f44443aa639140ca0993b4dc4a5bc6535395bf2e323be1d519c3c0eeac887 |
C:\Users\Admin\AppData\Local\Temp\CUke.exe
| MD5 | bf143f100d49b4c9172fc1f6484534b1 |
| SHA1 | 3d7841d3c0ea85926b23f96700726f831836229c |
| SHA256 | a1ac283b54c8f26bcbfc7f163474a85666806a67411cc0c594c87dddda73b9ba |
| SHA512 | c87cf0db1f1fe7b5adaea7b44d263fed1baeea15b08929592e28333d2b8e00789ef0eaebd7e070a90e9c2f76b3f96f53ef0c1dae826858235e33314fa042c493 |
C:\Users\Admin\AppData\Local\Temp\aQwYosss.bat
| MD5 | f32920369d113843e7d99c5479c92828 |
| SHA1 | 99f56d27a3ad46863119d7a548f0f590a148f2df |
| SHA256 | f8abb5598b3c961a5c961568c26daa8b61c4c0a045bb5df7e9e5dcab1add9c9c |
| SHA512 | 1600bcac1496332808b237ddfe7848d73d25d54479cf025e843d1c6f66298d898b86e24e1c5b93e66abcbb9f8b2f327e1ba9cf7806caf08875a5a7baa7558692 |
C:\Users\Admin\AppData\Local\Temp\DkUC.exe
| MD5 | 88371aef1f130ca7f8b3bd8f5779c1f1 |
| SHA1 | 718eb93b7e6caef6a7fff9776296e3d1e7fca476 |
| SHA256 | 07b4d87918704bb29c574ac7a8740fadd96ebf6f5652fec897431d255adf33d2 |
| SHA512 | 95ed651044e370047efea8e494ff325f2deed504f3b401bcb8371ac78f7d7ab555b6015729d07d27b1350965df42dbbad2e4144c3eb0eee274c18ab87c82ae04 |
C:\Users\Admin\AppData\Local\Temp\JGcIAosQ.bat
| MD5 | cd444d07e7c3fcad7058748f0fcd6e7c |
| SHA1 | 85575c3033de4c363748598b99194f9da17545c9 |
| SHA256 | 9df76073c89a82c365fa6679f6c06102e71f57647f368032fa104ae33b2b048e |
| SHA512 | c96324c1835dd107889dad84303da8ba8c4cdd10fece4db6b6c712615ae716dd2a157d41127d23373ea1e529dd99bc5c34c4eead68306161043543c0bd6c39a6 |
C:\Users\Admin\AppData\Local\Temp\towo.exe
| MD5 | a74cf536018ad2adb18d4a25efeb4f6d |
| SHA1 | 73ca3460e2c85d083f71a4653145a90bf29fcefa |
| SHA256 | 99262e11b1d62d9b15cfa500d0501b2ec28bf26ed05e51a78db706722bb4b45c |
| SHA512 | 5a94e507ba6526fad033c365f9b50a953634e6fd1f06ce1ac15eeba250eab05cec7f155e3c792706086fcda9d6277cc176995cb1a0e5cf36dd9b6f717ebbd458 |
C:\Users\Admin\AppData\Local\Temp\YEMa.exe
| MD5 | bb78913cf47efac060389e8dda6c3533 |
| SHA1 | 47ce7a4f65080b12dff3030a784b52823fb3db59 |
| SHA256 | 8bd97a5c25aeec362e8800a1039fc555c36ba2fa2f4af3099082b7b1eeba4d33 |
| SHA512 | 927511767c0da23bd5d41077b8777e1e187bca3874649be025316a7c8af83dff2e5ec6c52480ffa9d29a34eeecd69486a22b72e180dbd4cff26ebb5c4c720523 |
C:\Users\Admin\AppData\Local\Temp\WIgE.exe
| MD5 | 031d4b0f468c415dfba85058c2a01c53 |
| SHA1 | 705d8ad552a24ceb25dd54d149b928d134d95318 |
| SHA256 | a62a80c84d4dd540f98a657a216999e58e50acb8b58cd01ed1a74451040b098e |
| SHA512 | 1ef746773c5d8337d3be571ff9a792d0f81bc04aa1451e341d245daae7a2364324161e4978a497b1fa3b956af0dace2f352d6b57ec369a0c63ba2f99d389a4a4 |
C:\Users\Admin\AppData\Local\Temp\GAoQIEok.bat
| MD5 | c4e7cb530b89944fe5fbb1010e0609cf |
| SHA1 | 45bbaaa03750d4f55a62bee3ee4551c497480cc4 |
| SHA256 | ce423318f49647c224b139cfa1b10923295f027f09344bd1512f1e190a3bc704 |
| SHA512 | e4bb0de7843f959384e67896d73d4df2923020534c7a366d9842359eac5e3938d524b8d323fbfd8973c25ad2647f47c3eb9e25358b7948bb73dfbef2040019ef |
C:\Users\Admin\AppData\Local\Temp\aMMM.exe
| MD5 | ee0e2b6510bd1a0f941cffd25bbd3585 |
| SHA1 | 39b84f33b9a428584267524fb7f3f635c400b0c3 |
| SHA256 | 34e3454a21b1331250c7dd4bd3493d3d090dfdf08442bfb7a6b689421d1a95dc |
| SHA512 | b80e226f5218596200abe9e75bfca56bb839a8b538538c44c84e11580096e900e767ecad881141e72229dac476093b80817359ff425c8ffac1e067501df11fb1 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 83400072d9d029cff6c98b7d7e9a8f47 |
| SHA1 | d7240f89d5a4e1bc3d1acac9331da527520c2884 |
| SHA256 | d5ee66aba7a2ff9c612ee883ec790233e66b1a75af792001c34ed73f901b48a8 |
| SHA512 | cf3af7f8df0243184e55349d7ada31ce619c9c36264121341534a3082e9313cd97b9fe6765f0e7885120d5e8c09f80664ee81f140ff5f5f7e5fe64decb8c5d62 |
C:\Users\Admin\AppData\Local\Temp\qYAg.exe
| MD5 | 6267f68be075b645fe3e1cbd13f39655 |
| SHA1 | bff93f96afb02ab91dc5a29d363a98cffa96da6a |
| SHA256 | 5f335b4fab5324c652738ddd49501b44ab32af317bf128932fec0cfac6517409 |
| SHA512 | 8c4ba51abda323919a6cbc0cafef4f0433fe3dada9c5bb3ce291f11801b85fe52932d14491c2d050d542e773eaa7adf908ad7a55cfee2ed546680d065e3e04a3 |
C:\Users\Admin\AppData\Local\Temp\FEwE.exe
| MD5 | ee1ceea643fadb1e5549cdbed13b647a |
| SHA1 | 56d3d22f91ed4bfe686fe1d6e7cdb27445b533ee |
| SHA256 | e73d0911cf7f88d93db4bbd8c54b808f1dec1698e8420c2d9ca34be665621212 |
| SHA512 | b09f7a1b56b37fec1873678e35b14beb88b794e91f6768152c529dea6da63f1bc4c2902e5a55eea388be6c66ab54116dfa6483317e6c478c368bda807db90060 |
C:\Users\Admin\AppData\Local\Temp\hOIMMwAU.bat
| MD5 | 3d6e03d6410ee37992ca741228cefa4b |
| SHA1 | 7a40fed92523650943be1a83c8aad66677dffe5a |
| SHA256 | 2feb76b9c63735c152b9b2d71fdabbe0bf1732020d3a84ca2278ada133d640cb |
| SHA512 | 60369c26844b20ee988dffdd79728f04b18ed581466d4a3e9edaa23d36d494dd01566e263e867d0f24c118add5d8b9cad38e2b4d6b46d79cad61d584589eaf76 |
C:\Users\Admin\AppData\Local\Temp\ZkIy.exe
| MD5 | a0f3b48aabb050d250ac54e4e530cc1b |
| SHA1 | e5247291175cf6342ccf8604968709905677caad |
| SHA256 | 8578693f1114be5a216164e7df18ad287ceeb18259888f0f13314c6d39540289 |
| SHA512 | 0f0cb4d7b79aefe55689a89d3fd33afe709a3ebdbb73b6d759023b8697ba2a6f8ed6e96a09a59816bd9f78eadffe5bfe9e08a16bb690ccbbad9609bb8d6bd99e |
C:\Users\Admin\AppData\Local\Temp\OEwM.exe
| MD5 | 89a3f123494fa4a7a1c59d7e8c96a239 |
| SHA1 | 23e44b8f8fb6bfb1b90396c61b69beaafa3ef9c3 |
| SHA256 | f0c514c6377c34529594cb7557143d03a873b42826e8c95ee5bcf7377b75236b |
| SHA512 | 73e71e0614b483b725916e6c9f4d9b7feea72fe256742d6b813b28d9b06826860b615e739598e4ffc84be9c9e5dd59014ad530dab488e442e72edc14e1feb82c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | 060d5b084bf09bead6300bc8c6e2db84 |
| SHA1 | 4e365e10f2a14c3f3d54225f90d25cc55ca419d1 |
| SHA256 | 18d57291199fc00569b2f6b7586f7ffa1cc54fac445610c4158310d6e53a8714 |
| SHA512 | 6ff8412c7e1cf9019b0c9ccb0c0cf6878dd52b40b1b15e063dd210d409ab963b17b2f5bf62bf503cca569932865846050d1d34fd484c18a86f3291cb0790273c |
C:\Users\Admin\AppData\Local\Temp\HEMe.exe
| MD5 | 01a999d49d7210dd10db0b6a439d4f58 |
| SHA1 | e88e6bb2405f8ff305d92b81397c268cc8224a3f |
| SHA256 | 59dd068a8fff2fcca1368c768758ee9fd831cc5c093a504874db2e824fa4817a |
| SHA512 | af93176a99132eccd93ea11c3136a119fffed04e4583bb53a55552406ba5d48c682512f360bc6474147d105b04e7c934aa3551fc4391172de0f474d1ddbc7f88 |
C:\Users\Admin\AppData\Local\Temp\GkoU.exe
| MD5 | d3b158b33527bfa5415da96d6a4268e1 |
| SHA1 | 33311342828771fc19e86b964a0f820d6f29d0d3 |
| SHA256 | cc8849cf408bc5c52d10f67f74072118b7a046a5573153dab753f7bbe240ff50 |
| SHA512 | 11c5477f8c49907920e6816b79a2704f02403eee7c4ff22fb520e6535840a511046edf90753f9019ccb83164813befbd7d98ffebdf189a279017805ebfc3d47f |
C:\Users\Admin\AppData\Local\Temp\baIsgkck.bat
| MD5 | 0d8847eb441c2d3da22a856e35324f43 |
| SHA1 | c14b08e9adb932ec2734a2eafc67c48573bdbe33 |
| SHA256 | b3bb3a3ee019e1e6e4dc1463fa004512fc15977b12a00eabb94009646c8916d7 |
| SHA512 | 06ed1a48e00cbc3ea6456e12c0649c1915fd5914ef634a8f95c6ec7f3fb6e1338812ceff8542706de7c69e1206fa5d4fcfbeecb23944eab6386a702bd8c92c11 |
C:\Users\Admin\AppData\Local\Temp\GEsG.exe
| MD5 | f7f80cb2bca8eef3761d2db7138750dc |
| SHA1 | 0ef2f4fa12402e1fa20556e16f8588d59ea91e75 |
| SHA256 | 9b3b38bdc32cbc24fea6861f768bc2cdf62850bfb613bd570647bda5a5005d5c |
| SHA512 | 93f9381d73c53de1f726caeb1cbf829a911dbd4c9fc089d8c9ff806d827068c48f8f6d7b94d511774c891d76786512f16211cd7c418a7631eea33b0398d73c62 |
C:\Users\Admin\AppData\Local\Temp\kAYA.exe
| MD5 | e32dd32c76e4f7af0a60894e1b0751a8 |
| SHA1 | 3702f3c872661f1515666c5ee411a857f58ade11 |
| SHA256 | fd716ec31a86d5377a057df041770b20ed401edd3305ad02588d156e68e54140 |
| SHA512 | 2c1a0c834fa1400088ccaf9e04a0fd3b46bc43691b37fbbd071a7995bf777713194de55ba8a3af2f67a93b91a6e7d7085aee84302becda6767625238c9dd5add |
C:\Users\Admin\AppData\Local\Temp\UwoI.exe
| MD5 | 3c8af2d74ca9695d13c59bb524d36d7d |
| SHA1 | ece525850f3fbc0da402eb45f3e6d0ccdbffb40a |
| SHA256 | f0ea24e67b8712c895412fa1a1f887f5d1100447991bea77d604818d0acf6f0c |
| SHA512 | d418ad745a36386430473d82a0df510401b7c03d750270013f6316ddaf7d8b9ce5005133cab67b50209e5c3e9c73983099a851e9014f5433e7d155980aac9bab |
C:\Users\Admin\AppData\Local\Temp\OIMy.exe
| MD5 | ec079863dd42d7b1e4af8c5b27802c51 |
| SHA1 | e6d503659aab5a73456eca2c6c57d90130a1b013 |
| SHA256 | 79f664bf4ab4cce9377fa4aec3965a4b94bbc1f4f3d2b6904dad6d53611b846a |
| SHA512 | 4f27de412d1d23d9ccbd90bfd4dedf83fb60cce36ae0724fc50ca7fa6b2bdeb04bae88197f68f9d3fb2fe01b09e684dbcafdf4d706a03df4f83f414159f6c31e |
C:\Users\Admin\AppData\Local\Temp\UAAg.exe
| MD5 | 39e1967ccfe91db635bc84275e24aec5 |
| SHA1 | 83141e509d5755cdc78b4cb9aeb6b225d27e9f46 |
| SHA256 | ff517333ec6693242a479695c8017cdfcc6478930d315183f27c4183bfae3c1d |
| SHA512 | b572a1822f9e86ec615a8cdd135a04d92c1ed4e01f5a6f776436d6d66d749875ce8dba09fad1d072fe565eea3e8561e14472d945d5f42593b22b9a8a19c2ca78 |
C:\Users\Admin\AppData\Local\Temp\bcAowUYM.bat
| MD5 | 1afd334a8ec33a5539459667393d02ef |
| SHA1 | f086c2b689c845bfe3794756bf44776f8990f67f |
| SHA256 | dd6bfa164c107e104b29ef334ca3f786763b39cb7e2e0d8aabc364c35539995a |
| SHA512 | 2e110de48de79136738ca3459c8ace2bfea207b5963fa9874aca98abf01e4c5c25d3764af6d35e9f8c76dcc6bd1de548ba1eac8217e8facd6cbf975d4d0cb605 |
C:\Users\Admin\AppData\Local\Temp\OkYw.exe
| MD5 | 006867b3c6fec22be671a74c8dcb9f43 |
| SHA1 | e9d8e1c9d386f832f500f1ac50f6849f342e1f58 |
| SHA256 | bed72abaf4966cd13feae3fe0df1778f41d267bea78fb6643e8a9509fc3ce0c3 |
| SHA512 | 11f9a0d9e2cae3276e42974b4a01c1e244200e434c34c82af3a70b1996970cf9c92ef4006edd3c8ae392909d6b2b2bb01a65fbcffe920edaed4b8e665d716007 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 5f6ef639e95ff6fc58579e049a37bf03 |
| SHA1 | 2b3c595f24c53091c28146b61329850acf3d103c |
| SHA256 | 9dae408039b66a9e000f4bf59ce41dff1d27edc42622c0db8979aabf32c06492 |
| SHA512 | b73060171b3c753c2db184be79a2d3c2f8e17da831c6685036fbf2c17d7acbc585135eb03be964fedc0addca743e5c9e9225337149fec08c1a78f10f42cec745 |
C:\Users\Admin\AppData\Local\Temp\hkkc.exe
| MD5 | 2459c1a85653b4ebdf5a662989e09a23 |
| SHA1 | f1b064678d17fa6a0e4b5521b4395eb73397bcda |
| SHA256 | 588af530195ec1d50368f5e5dd2bfca21e614a05f76b8b41933fea7e1e9672bd |
| SHA512 | ee97d35e1a2aa00d2012a5f5b102cd706273ae47d4c3e964ce7f213c792a309d6779217f5f393c3a1e5da4b9dfef364046410b1d9eafd54cb9a78901df8e6aec |
C:\Users\Admin\AppData\Local\Temp\CCwMsQcE.bat
| MD5 | 88e49b8e84db69c5a03d91156042d453 |
| SHA1 | 32ae465472c6a23ff511690518d902c19e97dff1 |
| SHA256 | 449777a5d1294ba443972a38ff8b07e56ebe6ff668652be155d98cab16849d27 |
| SHA512 | 3b2ab58b2fd2ea67b6066f2e39bca08c878ae9171d3d1d3a6f3605b7b951bf30d1cbee7b72e0305f7443768ff7f1f5774401432663c23805ebd7cf267361e4ca |
C:\Users\Admin\AppData\Local\Temp\JIgA.exe
| MD5 | 6fdedc07d15114b06368a5bb47f0d694 |
| SHA1 | 199d4806ec37584135bec60e73ea761fe9772df4 |
| SHA256 | ea180691c35e28c8c9d78d3055858bd3ee12f597e073ecf929bcd0ec0cf92469 |
| SHA512 | 2c53cffa4bce4bf945420b1e15d044a3ba280921bcb9d61e8571d799e25157012760ac82c1d2a8c599ca0fda4f087552bb8aa9c47c00f486284fa8080951746e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | dc26cdb7ec48ca2028eb95b4bef95ba6 |
| SHA1 | 23db01171c16554af8d43c3ccc5e83bc58a5aefe |
| SHA256 | 2bb26d88263725a63b0e01008f209c973e79a7f2e44ffba5d5c63cb26f8328f7 |
| SHA512 | 263afb4f71222dcc09089e348435d82f5f6327980079239094a4efabf9f6e067f179689067bf126ddde371d6794e0f2c74e0f08b96bc0de1017186f344259815 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | d339305d7db251a889efab2f485d2963 |
| SHA1 | 3c7d4f5275f54a401425103e03807002ccc19755 |
| SHA256 | d9e2613debb09913c28631c86dabe1309d46deb29ed764b199803b3304d998a1 |
| SHA512 | 9d476b715c051c12820dd28bbc6e3ccef90a3e0e451f6180f2a5f306877d522094be15c7d9a2d2c136ff32a51e694a42a54343434991bb72361f03b6121dc93d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 615664d0e7ca6f290c8dcfc7045afc13 |
| SHA1 | 0ee9ee8554ea49f3ba9723b512fef35b2af55fd4 |
| SHA256 | a5d1b705bb904f1a4c1462473f08f7f651c937e04e59965e67e348a01c3c4860 |
| SHA512 | 02be078eeb03ea3ed53d4a21bcd53f5f20c888b9a140c55855c066cf4b976a676b2df8eb183cf84fcdf1504987b75a234ae68cf49fdd7192e7448a57a2cb3d2d |
C:\Users\Admin\AppData\Local\Temp\igQs.exe
| MD5 | 5b30a6aa8092a6287d0fbf31fd5944d1 |
| SHA1 | 930f243c956817fc1c1d7334b4bde3876159ecf8 |
| SHA256 | 059dd439a679d2e107f2d28221cd37c07843092d7937eaa233fd6039fe2618ec |
| SHA512 | c65adbfb84df0a682dc88c13e0880f9f0f24da7457a0cb0c8ed1945cfad2c4137aa55d8041babd4fd391f6e9b2134819c68a49d1cbfd45c64b51af650fda24fe |
C:\Users\Admin\AppData\Local\Temp\OsMW.exe
| MD5 | 6ff44c9f651d287dc69af25d1ee57284 |
| SHA1 | ed8c57ff50ac0ac5449d36145b991e1571305cc4 |
| SHA256 | 6566cc00665fe54bcaa28e3ade48ca19c4d1af93b7ee3974e5b1359b11725d89 |
| SHA512 | ea0f184a6c49db987d858445bbae498783b041fdd34ad5c6e23f5a26ed38024b8d0b713084690ee5eed957637770027e9553978823b70415b900d82b710a4762 |
C:\Users\Admin\AppData\Local\Temp\sGoMgoos.bat
| MD5 | e00ab987ec34652d69742385e1e9c8eb |
| SHA1 | 88aa688c9c45c9223d885649706f04809bedfa62 |
| SHA256 | 60af17e8a703117e19b576f40b8601ad0fdd6d81799654ab9159050b26c78996 |
| SHA512 | a134d53ca1b0c0756d100a835c057f0e80de5d25e663e34bfd425f24fa0d2c99d7277053d675f721b33278ca0d6652acf2c01fd6d3aa4704c60a18ca8e6adde7 |
C:\Users\Admin\AppData\Local\Temp\bwMC.exe
| MD5 | 17f4173fa21569feede05998f7c7a502 |
| SHA1 | f836c1edcfd0ab74515d6f81a665f2b390597975 |
| SHA256 | a0b1cbb6391d6868dbbcc3fec986304a7e186c4be67a32c4fb27ebd01adbdd52 |
| SHA512 | 57c7afe0a4ede5f9f7e56982c28676255dcf5354db7be766b63cafc1acf635d7cf2dac91effa72212c08a6524b8532ffdb1bd22831fc194e7458342d608d8134 |
C:\Users\Admin\AppData\Local\Temp\zkIe.exe
| MD5 | 82cec82008fa34e7f24d49446f3b2805 |
| SHA1 | 9be47261164839f8e414f303b6a3b576c18e8aea |
| SHA256 | 3e13a8fc7dc1a5e368728dcf8bde312b266f9b67f50e6d84e9694649d551ce1f |
| SHA512 | 5cf06c60ca5acc50ed32be63f3936e498d9774c84f1d7d74ddad2a108ce6440dce9dffa655829c7a649d6318bf9bd14410d965cb03cd07ee76753660bbc649e7 |
C:\Users\Admin\AppData\Local\Temp\DYUm.exe
| MD5 | 986da7f7e96333550f419dfe57a50ff5 |
| SHA1 | 97fa08d0bceda616cfce9e36206f6ba444549fb4 |
| SHA256 | 5de569a81ddb2d479383543f9b40a89793e597da29b707d1ac9ce977d4c4db11 |
| SHA512 | 09c37892afb1b4103b29d5101105ff5d0a3d3c81bcfef7a47f553e8455236ba2e0ed6df35060aebcc29ac08f00bfb3e946d7ff26ea41d30ee31c0bf50f266efc |
C:\Users\Admin\AppData\Local\Temp\rQoC.exe
| MD5 | 5efef8f242a6564f007407e241f51f6a |
| SHA1 | ce5a14670c319704165fa3ebfd3937e6a5ff9dd1 |
| SHA256 | 462a55417998b7015663c879792483d37d525c718c28888c36f5f8661758b971 |
| SHA512 | cf53b24f16fbcd79c771eaa053a5b8ee1a01672d7f65f8fd3794613c585e8630efe479f1d494f7bf9a3429584a28afac807597c00d5d120169d17feb3af1313b |
C:\Users\Admin\AppData\Local\Temp\newkkMoo.bat
| MD5 | 2f6fbe95d2d256af467a79474f51c9a0 |
| SHA1 | a41e02c4c155a5d42059a91ed7c6b5a7a939d9cf |
| SHA256 | 3c518981407e37758bfa1fbcca72c5c41410492978d88c9233b8241a0de58ba1 |
| SHA512 | 057a7aa40c0bda3165144945bdb48b11b0baed2cb8dd54e4b33f4d49a211e3c579ecbf042e5f3328c84490392888222977ff4e167adc1921f2781f42288fcf9e |
C:\Users\Admin\AppData\Local\Temp\DUoo.exe
| MD5 | 2842a81337c96d33c3baead583dc8cf6 |
| SHA1 | d59477a8b24ee6587542a0c0e556fd91ffc4ebf8 |
| SHA256 | 80eb995ac62dceb03240b39693d9d1430d2cffd0d063f770fddff93d1f4d1694 |
| SHA512 | a54a6b2c990929f1028c243fd23105f163fde5dc45cdf4eb27f050e243d6bdd066a3315a2aa2106a2b062e0db1dd94b6494648a62e80ba0603160e5d414064fb |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | effa3df7da45e31d60514adac03a03de |
| SHA1 | 9d5e18c1e83b0afbf6506a4207089fe56ca616fa |
| SHA256 | ee2449484524932320874e2b05aaa20ffb4286a23d47a6922fd1b675237571c9 |
| SHA512 | 606ca6c6b649693c3b233953fd653c5a78960847224a289bfa4fcebc2caec60595d90a843ab7e3180265bb4e11e174bbca0e27126905f58b2f61d753443a806b |
C:\Users\Admin\AppData\Local\Temp\Cgsk.exe
| MD5 | e5a8a9128c36a2313ea4e1dc554a348e |
| SHA1 | 0612a1a2cea95f1803feed828e67d297ea311dc0 |
| SHA256 | ac9a7c2fd4b56cde9ebe7fdc6726ea396e44c50cdae0c40d1230f30723a985fb |
| SHA512 | c47deae06cadefcafe302dbf5ec14b0428f5b75490122a8794ff4501f8bca3418cfb22e59431bda3950ae8f9e518e65aa6327961c9f1b5815dfa35707f5a2fd4 |
C:\Users\Admin\AppData\Local\Temp\Xcoy.exe
| MD5 | 45db192f4b3f28c98eb17f7cc7b24763 |
| SHA1 | ae2c50a0bdc1a306863ecf5519d6606849742a18 |
| SHA256 | 58e909778682bee617ba6df6901501fa8ce5cbf441bb58456e18d2cdb0746432 |
| SHA512 | 875c0a9565192977776c6cb0a1c657aa60759550dd9f7cdc4fff29ef5a768c21d425fd3435e83f13ec74c056b207d90d36d751253ef003b3a3a818dcddf036b3 |
C:\Users\Admin\AppData\Local\Temp\ewcM.exe
| MD5 | 77371a2c949936215f5dd85d626bfd4c |
| SHA1 | 43006a5d027df81190c45f39b625a9276bddda04 |
| SHA256 | dc0a30fe9da7abeabcf82cada7cc9f0b6b8bb0f412a67f507fd8a7ee5f2815a8 |
| SHA512 | 4176f45376031391f3564382ec22a5b21f4bd7fc01411f1dadf79577e923beedb922986d3aafbec99b690b14958408a299c15aa8d6bfaef81c3009aba1b56594 |
C:\Users\Admin\AppData\Local\Temp\XoQIkogE.bat
| MD5 | ccd7b39ed10a0c8d5d3bf7eec1d37085 |
| SHA1 | c1514956f0106ded43905b5fd1ec42bd05a23915 |
| SHA256 | 1114a20fd64b9e5ddb74bfe3acee4065fdca80dcefeafa3faa81cc0d5a2cb643 |
| SHA512 | 932a0859c4acbab1b500da02432dbedb00aafb9cfe852f20546bf4aabdc01f56dc8446f52956b58afc73c4f3fe9041cadb94e4a3b8d7f45944bb770e1629931a |
C:\Users\Admin\AppData\Local\Temp\eIUu.exe
| MD5 | 009c9a5121e2f4253772995b043e117a |
| SHA1 | 58d3ea4177832ebdc34a0aec8f995a195fe5d346 |
| SHA256 | 22fdaff246dcbb5fe242a396dd188bfe42d9bef80a2e5f9047a91dcec0236b55 |
| SHA512 | 519b984d8641899745760b622b4204f0032b6da2455d70a034ca9ee1f0fbe7d2d77d887776a8fb2503ebf42401750e8d0f06f31c53bf11822ee73a12aef0db74 |
C:\Users\Admin\AppData\Local\Temp\CUkK.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | a83f21f48f43949c5d3b0cd26f8727dc |
| SHA1 | c006eeef7c3e95d3e26d3436f6fce73b93913ee2 |
| SHA256 | a12c1cdb25a500a315d54ba1beabb9b816827e9eb4b5e59ca0c8e0d4be27152a |
| SHA512 | bef13e445c1d6166635a1ec1bb1660979666293e2cc0bb8c03e34f470d4d985ac68f48a9f288582d1effc088911d0dfd7520d0e25dfb7c80faa85b57b26e159a |
C:\Users\Admin\AppData\Local\Temp\ywUC.exe
| MD5 | a446de35d598a2c061fa16d5eeffb32b |
| SHA1 | 22a28c598853a1f5b76b7786c82d866cd8198543 |
| SHA256 | 914961f41536b355c0fdc09d586e7a9593bf4f096726d91d1d6f5f39e0f08f92 |
| SHA512 | b82b6fa2fdf41d74632919b90baa11e93a7c97bc32433b61433e5645e742b246aeaf4fe5ec7f190814214f9dcf58ff47a337173d8bb6a8718c4be1a16629dac3 |
C:\Users\Admin\AppData\Local\Temp\nAoY.exe
| MD5 | d66b7b5d7fee0d8efb116c38d4fc386d |
| SHA1 | c3651e7490561f5198bcbd921f9f23313f8d0405 |
| SHA256 | b6d08894a9139ddfa76eb32c7387a36fd35593ba86e86405c9f2d622a6f433ff |
| SHA512 | d754d5dd0cf10099c6f8e7239cf7ca0f35ed82db77d4d97b332d28fb5e8fc324010a0a0401fd9646cce4d0fd5267c8265934070c668ca9d3d58e7967cdd7961a |
C:\Users\Admin\AppData\Local\Temp\suogEQkg.bat
| MD5 | e7f0a1bc83ffa9eb2a5a0dc001babf4f |
| SHA1 | 78dd30f03071ff27f21ef3b2eba9bfc0f7b992a2 |
| SHA256 | 60cd3439a6e36bb31dc85c1ee51a8f98a87bccef3f8155e1e243404d139a0810 |
| SHA512 | 186ab3f55ced38821fbb9dbce579a95b889b348942f79f2e5dcf920c5929baff190bef61b050f9db047ba29d8c5bb2bbd1e5a667289ab8862ccf61853f571ab6 |
C:\Users\Admin\AppData\Local\Temp\TUos.exe
| MD5 | 4c85000e4dbfa2cc788f4f489c905884 |
| SHA1 | c87cf3e34d85ad35e7894cff461d451b453c62c7 |
| SHA256 | 6276b78ad1e9f2941440086f5c4ecba5c2f7c1bef6f44b066efc32164714a3f6 |
| SHA512 | 410a337ec98717d149983e32f27098a9cd33bb9d93beb4e1c15cf35b5efebbf8dbcbe1d54a665df759e74b97ee91254c2b1df096ea720d2d89e5b9e6e8facdb6 |
C:\Users\Admin\AppData\Local\Temp\DOEcgUsE.bat
| MD5 | 022e1df3e883b50a81a9a3db33e28601 |
| SHA1 | c8fd78f4e533071e6e00183ac874d2319278457f |
| SHA256 | bb00a0a4c9fc2d900258069aeeb48d47da31bf65d1dd7bb1bf0c9478d16626ab |
| SHA512 | fa6c03e49aeee9016e9c81dc0b0a51ce6405efa6c739586c42c012c9968a0cb1f985b360ff3b354c21b9fce0d36871dd3875e72b31488afc76999934d49a532c |
C:\Users\Admin\AppData\Local\Temp\PQAgIAEQ.bat
| MD5 | 4e78d03248fab16a3e6bd0c19355ea4e |
| SHA1 | 44400d5bed3a65d1258903f9d367945f784110a0 |
| SHA256 | 2749c8c9799015af1f3ae7f2dcb18070a181ffa14a5ee0e294891c2af874fb79 |
| SHA512 | 7edabab8277fb6be8b846293a0de82c785c5197d3aed3be6674a07fc05b624cf030667d28b2131a523fe41c3329ab749a2bb8e909010a85929ed33e6e08f805e |
C:\Users\Admin\AppData\Local\Temp\EcIgYYsU.bat
| MD5 | b4043fab1334427273cf36f9d8115535 |
| SHA1 | f1bd769a3c9bede3d67be0ae108963d454aa2310 |
| SHA256 | 9b08bb0cc613a1d820ed4e74e8ac943c65287a770c99e3643e37f261862f5fe3 |
| SHA512 | 4f9442ee0aca99195dd73f4b81532d6ff08fcddc6aa1f3a4783bf52398aaf75dd2931fd3a7ad5a01da3a116b0cfa66107d127d7e2f8c3136eec53821be271d01 |
C:\Users\Admin\AppData\Local\Temp\ROMAscEA.bat
| MD5 | 359b4fff97d2385035e8829084a1675e |
| SHA1 | 05cf1687ee49722826ffc2f60237ec25c3b57bd4 |
| SHA256 | 3d35f0f05413d96138022230022223276a909edc4a45b4d45e83705b8d958cc4 |
| SHA512 | 9dec520874382f1aa04dd1f31f32eeaa64ae011a78dde76e5c7a0fdface2e0c815c6caa6e2151b7dad22482ca9b557934b69232c905a4fd336d7b3cb656da8c3 |
C:\Users\Admin\AppData\Local\Temp\nEIQsQYI.bat
| MD5 | 48057d9c509a721ee36f55d07cf479d6 |
| SHA1 | 302f16ea15ded44847301230d0a509f983f89152 |
| SHA256 | fd771a230505dab7883a1854111ca5c0859c794f99e085fca6d2f62cb8245473 |
| SHA512 | c29af15c811a090ad3de3c586ef07c20ab393715e0ae4a5877c50ab65599309bd851f5dbe57c877dfce8b31b37639574201d84a4f7cc10ce44df0af889781b89 |
C:\Users\Admin\AppData\Local\Temp\SYkUcgkE.bat
| MD5 | 19b003b2894cf1d270fa8f4a039606b8 |
| SHA1 | 14d4a14c4cc2b9592e0de8be07d5dc63cc91f077 |
| SHA256 | 997488922c3b41417b53f96efb00d58f7d9e5fd3f06b50deeabc21e399161653 |
| SHA512 | 6b1d1f832f285e40b08358a7230dc429b07db6020ec9fdd317a8a8810233261f275fe7b45513fa877ab98ac7ecfe98bb935a03ac60f1b05c9a5b1bf891d02963 |
C:\Users\Admin\AppData\Local\Temp\tcMwAsso.bat
| MD5 | b161bc80041a5f8d9f8f2fe0e516b60e |
| SHA1 | c079598a77dbd1e2f91f87e77c1d0de71fba34e0 |
| SHA256 | 4407f4582b36b797bca17ad896ad134c7f7a739d7970651bb732a1cf690c3e5f |
| SHA512 | 0d653dd12709d108a2a33d200684b099db36902f93565547f248e7dc8c3931cc94849bfcd0b5ad7080a3ffc68430654a2f543bd49dc1ac553f9dd316a7233001 |
C:\Users\Admin\AppData\Local\Temp\PSMwYcgs.bat
| MD5 | c0ef20ca25288c581ea190392b43ae1e |
| SHA1 | 8f409f54fa10fe1a93d1cd4115fc45b9ffccaab8 |
| SHA256 | 97cae2a73e5db8e5c085a468c9f8654af0c9a9200afe674da548894eac6fcd44 |
| SHA512 | f27f55a62b619142500e8608fed23a21e55abebfc1a169ca498899bc4114594477c9de297181cb726433c96aaf876d8b060b5bb25a7438536facdec323c22bc5 |
C:\Users\Admin\AppData\Local\Temp\yoAUMQkU.bat
| MD5 | a907d274e13cb62ce25d73c5b11a1748 |
| SHA1 | 65db8865411e0b9162658fb1fa0568889b0ea8d4 |
| SHA256 | ecc13c6726bb1953095d238cd5e8c8360ad378e9d696a0c1ac603ffba16f0333 |
| SHA512 | 815c1191a9bf353c293059ab4680b7f20472641304d5c49d9b26906fdb280b99599aa957054d31e490b9dd6d44a694caf0dec19136f3780020535f4994e3173a |
C:\Users\Admin\AppData\Local\Temp\GAQk.exe
| MD5 | ea6fa38f9e0657db0e4421d06bc2524e |
| SHA1 | 30c70a3059d454efebb3aa7f4b37884b73888f32 |
| SHA256 | dba417becc838f14d431bcaef1dd79d2776a962630d7157ec7811725e5779671 |
| SHA512 | da0a1cf45de00e72864179c5c00ad034ff800edf9ff60c4f05a33aa9e392eeda7f468419077cfa491b1bc9b1c8622c1f87517f885daec9e4bcf42a698b1cd0ad |
C:\Users\Admin\AppData\Local\Temp\tUga.exe
| MD5 | 5aeb06d5d2f6b1de6c035dfb27ba792a |
| SHA1 | 78531e0b0a96e756b33da260a8918cfcbdd1f93c |
| SHA256 | 2d08fb9e06128c8593e5e0543b6ba8411536743c95d3c47dfec2d514b96438ab |
| SHA512 | 6e7df60035c2836d5237cfeea5300233b4d29cdaa8e468cb23ad32e8ebc7a2391d36e2f509622cd7e89497f9c05a29d8840e76ff172ca923ca71efbbc5d7e02b |
C:\Users\Admin\AppData\Local\Temp\lAMMkckc.bat
| MD5 | d797d3210f60b2d47efb9c47d4f6f19e |
| SHA1 | f3d7107498e9b6a006431965b8a9d13f9f331da2 |
| SHA256 | 9ec20062381642aa354d96fa7b44d6cbb38c16197e55f4ca0f4a439c79e05b97 |
| SHA512 | 6ade1d7f6b548a1abd6afbbbb59a9296b3ce28749ded508a38108289e11b68d5a6f6267435cae496a1befbf5483f922c99dc5f4a439c9b1bcb0f4c4fea19c908 |
C:\Users\Admin\AppData\Local\Temp\AMsI.exe
| MD5 | 545e5adf38c8e1bb618323f1e0639b27 |
| SHA1 | f7d4bcdaa9474bda67b31963c916a0be91eb1572 |
| SHA256 | 0073e92036d9a4b520311ae27a6b06cfb59fd42ae62abd1f94632969691a45e0 |
| SHA512 | 0403ab60a0709c61ca12ce75ce496630c9b0ddce400cf46402a373c39a502168929160a860855dff5644f4ad462737b1e4714718e3c889cb0eab5106c36b3778 |
C:\Users\Admin\AppData\Local\Temp\foss.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\KUoo.exe
| MD5 | 507b8ce05ce0a326bde72c7ec293f7da |
| SHA1 | 03610ccfef48ea9a30ff3e65203c8625954553ae |
| SHA256 | bc7cb8306e01258b25f52fd33cf4ca055c9217c5dc3a359d43e053f15f07b8f0 |
| SHA512 | b5230c440aa2c2c88756a08d10ca4e385978cb4179592ba49680dd5dfb2932ce74eb154feb0965af331430af8def36a64dfae84f3d77f37adee8fed1f58ac2ff |
C:\Users\Admin\AppData\Local\Temp\BAAw.exe
| MD5 | a054edefe0840d28f66edfca664463b2 |
| SHA1 | d1476a41df400c3b28e9f60fcb7865dc0af30c27 |
| SHA256 | 61fe0dc6bad16dfe6cb026965c62e24ee14ad93faa0a2616e30b1b5e73a953a4 |
| SHA512 | 489767ea3f69d31d7a74f40ca6e537bde5fb92e9faa785bf734edb6924d08ad1a18c70ac5965dccd6adf8e25b63ebf917bfc620db22b7c36ccb7a039cfff8a5f |
C:\Users\Admin\AppData\Local\Temp\pukEoQEU.bat
| MD5 | 25ba8e30ced2159058ecc555dfdcdfb2 |
| SHA1 | c2ec88c8b61b7e1020593f4bf9519a2e234ab0a1 |
| SHA256 | 8fc0f54be8722f1b118eb86b50a4f22112d83acc2320dac2c98a552ae64c6d02 |
| SHA512 | 62aa216266f4a91b8c61bda914878f4b9b945098039e6320732a784e7c2fbdd1d75841556e4cd04b9ebef0b99a937878e5cb2188b7ba4b221bb94c1ae47bb1a6 |
C:\Users\Admin\AppData\Local\Temp\kgYE.exe
| MD5 | 1f0556036e87d05592543fbbfa5e78fa |
| SHA1 | 15925ef54b29df3621c572b3cd091e5edc9cfaa7 |
| SHA256 | 8ca9aab2adec1d859b6da1a369d92db6657d97002ec59b2edb926d65130ed020 |
| SHA512 | 7c41ea68b1b7bf5567a33838c87a32dd8ec9abb8397f2da26b0135da3da9a393163e77138dbaeda881450db0f55b8a80f30ec33356cf4216e4f147f7385e995e |
C:\Users\Admin\AppData\Local\Temp\VIUE.exe
| MD5 | 4ca13230adf656b081b8415aae341985 |
| SHA1 | 3b68d0efacc609f25a006db4edc0731058b66566 |
| SHA256 | be245448a8d610fa44818d0ca84d5bdad063ff4cefab14ca906f4eac1f6e66dc |
| SHA512 | 92feaa28ccc3a61540b0daad194ba25f101c1462b424793ea9bb29c24f5c628faf991b314b714e346988cf232f4736acecc9c153ca0e6f6196cadea160feb6be |
C:\Users\Admin\AppData\Local\Temp\nwEW.exe
| MD5 | b31dd27388c666a73bed3b22d9acb426 |
| SHA1 | 791d8163396f9f4610b28f41ba447cc212c08412 |
| SHA256 | cc2b32c04b736b52c180cc10e5b3687b3d4aa66c477d9bbaa550244ff345c1b5 |
| SHA512 | 4c0246d634d8d3193ace4ec3a4a7bb1b82aac686bbad0c354ba0c6133d506ec46e800f93d835a9ee612360511d928ec73786d0b1ce7be2d79d37ac781c8a4aaa |
C:\Users\Admin\AppData\Local\Temp\WoMg.exe
| MD5 | e8ef7ec0515d033a4454618ec7cd6150 |
| SHA1 | 8e821774fdf83b8bd9a3a91e48f70bed313c7ec9 |
| SHA256 | be5da3ce5972346075bc49af5ab2ef463f9dd813278a34e86e3d9888bc51fdbd |
| SHA512 | 6bc45d1759d938a01f208783f79f64a6a97763b0007f057588d219f0520c86ac5961af5f96e1245e7a4ca67c9abdf2b5d29131f4d4dcc33364d99381fb616f9c |
C:\Users\Admin\AppData\Local\Temp\sqAMIwsc.bat
| MD5 | 3d3a477b45b169838453a95be7b1454d |
| SHA1 | 93c2a76c2fbc807d22767d43ceecf9d72cf074c0 |
| SHA256 | 4f65a6b8c63d330677f896e3ed99746d2bc61d99ea0635ea6ff18eb261d7134f |
| SHA512 | 1b5f387201871c27e6aa7c89e602f28384a2e51971bad85ef69e5e13307817dc1dcd63e13d3069635c13373999cf0d05a1eaccfb7ed79017e354539f8b1c09b2 |
C:\Users\Admin\AppData\Local\Temp\usIE.exe
| MD5 | d842f45c64d288a3d1e35d30716cbabb |
| SHA1 | f21446b212cdfca6acc15fefb255dc7ffd22425a |
| SHA256 | 9a870c9e2c7121e72392d78fc6f1132173562b05733d35ac4939a2af148dd5c5 |
| SHA512 | 23217707aee51be7e840e4fb9241c16bb823e106a62f80629bd68c83339b785ddb59541ce7d876a064a0c23d9f0012f4bb14ff6bf5d02e84cf3dbd41eae2d2fd |
C:\Users\Admin\AppData\Local\Temp\CMcc.exe
| MD5 | 25c780eb157f0edfae26be630dd52f7a |
| SHA1 | e680ce030422e95e554a88cb362b57eb7f47431e |
| SHA256 | b787ef3f0a9b50548c920e87015ffce8a19c2c2f9949f47252a9d16cf7e1f602 |
| SHA512 | 59e459ef570fc5609f5a2087311d8799a4b11ca39e90f8fb05951f2f33e3904e585694e9176c5efd2476cf204edc17841ae8f9486268e27055ea798cff2a810d |
C:\Users\Admin\AppData\Local\Temp\AYIC.exe
| MD5 | 28f4568ab21d4e8b006837613092ba45 |
| SHA1 | a44aedf3d443f23149d3a82005c2dcefe0a21cb1 |
| SHA256 | 0dc4c513f3581822454056829cd1b3a8b5c3bb55b053e247501d9b64d3318f12 |
| SHA512 | 4b2eaac2965a5131f02f7c4125060810052df28b6f00cc05fa35380aaf783d46ce8e6dcce5454d3d919a5cfaad971b6e392975893245fa541196f395a61219b3 |
C:\Users\Admin\AppData\Local\Temp\gagMUsgU.bat
| MD5 | 0d1f99edb54e5de06f73e293dfb3c6c9 |
| SHA1 | be022756f97c92c4436fe589b603d7edb4b4cf84 |
| SHA256 | cf39cd31f1e49c8f54f15f77883c1ae59c6c752443b9ef5dc52df6b385f6158a |
| SHA512 | 2610496bf1589bc56e47b5c60b69d99b3ffcc26ebb3dad90c6be4c72c7e1609e0941887d148fd53f0b69b4d4188a231ae395c014c224a66fc41193509bf35315 |
C:\Users\Admin\AppData\Local\Temp\UYME.exe
| MD5 | 405100679244cf10f9770e2a260088a0 |
| SHA1 | 778e49281d0b99f6566aa19e82a6e2971f8f384b |
| SHA256 | 2cef7e6e492febe4e6d5ad9c52dd04ee2f2239c6046cf475728157e94d356ad9 |
| SHA512 | 7610dcc0135fe2974ccb73c64d8d5912c0d0b3daf5b86dde9be05ab97aed2f39da02ad3d3d36785dec2173f82a14092cd58cccab44cc5e195c300a102a839d0c |
C:\Users\Admin\AppData\Local\Temp\GUIC.exe
| MD5 | c50369d3e841afe3c1b9d60b5bacd285 |
| SHA1 | ecf0b0c5ad24971768f46b495acdb6cd20fdd287 |
| SHA256 | 8e4ba56ee4af2da6a7fafdaee1797de62cf547ff28dc6d3abae5f56a2d768118 |
| SHA512 | 4fcb2ee7403211fd5c169bc0e4ed15d3cb1a4a016175adfff0dddcd78933f43c721846c27a99780bd394c5a7b209d28b7871e3de9ae6c753763fb1fb6da80f20 |
C:\Users\Admin\AppData\Local\Temp\dUoc.exe
| MD5 | b04493f0503ceecb3f175d0796bd7425 |
| SHA1 | 7435b4caf6d75ee203f81fe74d69d8774cf5e79e |
| SHA256 | 0bef24391d59031ca427df41f7f77df357ca20740da4349c58e811621a26ac09 |
| SHA512 | 198200efbd71e12de7174323d5fefff03fd30f6ea8c148b7e42b7d1a20a657d982196900125204a63fe42ec58fa4c2cb3b1e5381501db7176e5f98a7e5923744 |
C:\Users\Admin\AppData\Local\Temp\yUge.exe
| MD5 | 932add24fac9cd36def4adb55faec445 |
| SHA1 | 95a72d26c10c5f2dd525e5ca12549daaa538c135 |
| SHA256 | d812aa4b7cd48837f88f558f9b7796ad179e9122ba16768051b1a8c5a4c8ad54 |
| SHA512 | 06ae88bce81fe5d3a0cbff355f23cb9a45906ee796b66a9cac80fa6b9c781096ccfc41d63a9bb66edd2a22aaa63e6b71e7feba5c1fb22d537416946dad6a1899 |
C:\Users\Admin\AppData\Local\Temp\iQAc.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\zQks.exe
| MD5 | 8ef72451135fe130ccab7ba8572fc256 |
| SHA1 | 63be4f2e776f2f37d60ab56349cfe04d60226bfe |
| SHA256 | 07d46f9b000b620fed5a29bc1e3a5ae9cef357ffd0e88755b0aec5cde1d39bde |
| SHA512 | 340ad7fbade91b07f744bb25ca792f81012e95885fa562f6fb50f9de0d615962b4b4b062e5ffa500b32f23cedaa2d9ffa8baca0f5a00a21bdf5ff7badd29d55f |
C:\Users\Admin\AppData\Local\Temp\lKQcMksw.bat
| MD5 | f66234f70a4491224659f4b23cac66f4 |
| SHA1 | 50f060c3af6537728443c3ba9deca962d5d3f294 |
| SHA256 | 2148a524b3bbbdb819ff9e532eb2e1123ec38b79c181f518b223256ea1b115d5 |
| SHA512 | 0525985b7ca3f7f4a5cec072306355c6c65719e516664020b75b41ceb2c278b9cfa0d91e6ace3137fd2e12b46837c95eaa8b86e58cbf08c2c5e0f32cbbabc6e1 |
C:\Users\Admin\AppData\Local\Temp\QAca.exe
| MD5 | cc2de512c20c3466b787896bf47b8131 |
| SHA1 | 1817a826c5950d8699e332df676972ef6582823d |
| SHA256 | 8a4c0a3f939a861c4a3f0da8d6217fe77693ddac38105f5bce6ca15504a970fb |
| SHA512 | aecad487ee7ebb13d7756871990ab401d880c47ed69dac4705c0ffcc39d4deab123b4c9df233901f6e0fe121d21b3a8d2a1696399f191f312bffc1cdf591af5c |
C:\Users\Admin\AppData\Local\Temp\swca.exe
| MD5 | e7f1a07eeb1d65cb5d775969ff59db65 |
| SHA1 | 97d5df2ee8bfd0b99ea70c6c360cd71a80407882 |
| SHA256 | 3eda2cd7d38746696d1daca860ce84524465fc20ed6bd5c99c4618c9620cbe58 |
| SHA512 | c9d4541a2f44f2f333f757e224c20e889bc8daa1060fe8ff894831d352ecbfec58d165cd41bfc9363c259f95fac00e8afc7ad1675f5c14ef6ec1e28000a12bce |
C:\Users\Admin\AppData\Local\Temp\UIIG.exe
| MD5 | 1ac4c8994930636de3e6c832d2ba9ec7 |
| SHA1 | a51523349ffb489bf86899747b733357b4e537d7 |
| SHA256 | 6b6e789e3981ac702d094491ed85f9bec530eb355ed45ce4182b4b5bad535162 |
| SHA512 | e4dd3fe412f21028007c61e1be29a1aa47b569ddc7ba87cb4b55def3bc2131b1367694b864210e109f374e193014ab92843642ca546765a094727569a8333142 |
C:\Users\Admin\AppData\Local\Temp\oAQMMEsM.bat
| MD5 | b2a2d589ec662d02181a13a5e4f54f3c |
| SHA1 | 8cc9bf3d31c53c2f50203e63842d7a0c198c4986 |
| SHA256 | 53fe3707f739a6295d5b6c8afc280de0f994486783b15f408b5ccbaa966ad1fb |
| SHA512 | d9fad42d086db635c936ff6aa45e0fbd969227484d392fc7ee0e27e74cd530d987b580819558784a5cc51be2385ee4f631e0e632dbeed8bc4503c1557678656c |
C:\Users\Admin\AppData\Local\Temp\oUEs.exe
| MD5 | 61deb894e0e8777bb6bf2d0c4be595a1 |
| SHA1 | 1af06aae92aad02ebce93d21abc1dbb2c5be02b3 |
| SHA256 | e421709a91c4a3954909ce6a5ab7d50033e9d0449f1ac90005d71804fc4f6cbc |
| SHA512 | 34c1c9554c6abc212e7cc46a8a4842dd46c9966dbfdd5999ab5ede2aa7b34ff6b2f00b0a8041f08c792b73c0fa9f07e98fe11d6934d42c506e461f8e9a30f744 |
C:\Users\Admin\AppData\Local\Temp\EYcA.exe
| MD5 | 7e5e7b513d6ef130455438db72576709 |
| SHA1 | 00c1580146cce9bee0786168eda8b2b223155133 |
| SHA256 | b6fa941cc14277fd4678cd33a978900d17a00b374ec76e12e6f2b8a8a37756b3 |
| SHA512 | 5473b597151db1a83c412e9c201d9f29e62778d1114241a022d88f96ad0c5e9eec9570ea140be0f650ffaa2ff8a49f31e223b8cd619d26f02e5d0ad84286361d |
C:\Users\Admin\AppData\Local\Temp\hcUIgsEA.bat
| MD5 | 4658c84114fa345ebbc5ec0edaaf6a58 |
| SHA1 | 5ebcbd487adb94f59db273800c487b3cbb963aa8 |
| SHA256 | ac5c1e9a4678616d8dadd99ccf9a8b3fa10a1e9b40caa157abbf0f774e5cf41b |
| SHA512 | 4f0e60f783f47f77d98c802d138f024fdf8c7d6f7dc3c084c4561bf942d33df5b5c0abfda2212828730ae8448b96ebdc11f353176f57073ab62d4255094b71d7 |
C:\Users\Admin\AppData\Local\Temp\IQsC.exe
| MD5 | 839fba0ea7af9e974800fdf6ee262598 |
| SHA1 | 0f32a60dc5239cef50c8cd08e77593d9fbd1390b |
| SHA256 | 505c4b3dc24a461de96ea14ec1acdfadcc46a19c5bfbb0b92e232727cd49fe45 |
| SHA512 | 3f459cfbcd9229d1e556d0aed7bb512017097170f5f25924894bba1fd42c33d335000a1199180cf561ceed999313314baf5af9a5c9a921272a328786b8cd974c |
C:\Users\Admin\AppData\Local\Temp\HoYi.exe
| MD5 | c8242183347b8f6794770faac23995c2 |
| SHA1 | e7d2bb87c6e0c161d60424f012f3bf96841ff402 |
| SHA256 | 5235eacbf862417e6fe823587f84ce70ecb42d8c8d443cfda4c4e3b211273c6e |
| SHA512 | c69d61a5fb93dd87423806a25e55f25bc62ef5bbab1d3b24ba75bc70712c454666512a76195b268091409697ddeb872534d5dee6aee3118512e66d3618971568 |
C:\Users\Admin\AppData\Local\Temp\HUMo.exe
| MD5 | a76cbd667d9a5c3fa6107f296bd6ebbb |
| SHA1 | 3a289d65cd3ad1884a736d658efb5555b071fafe |
| SHA256 | 16621be0c5ab325b7d3626b3c87034234ec5c67cca99b617153bdf54f0993b06 |
| SHA512 | 412c39e610b136c243b679b6f5fa53564f6ea9a37dc8cbeb4307499c403f02b82509635db7c96a5fa53213347aab316fc2cdf467ecdc2630c75dad0d507ae0c9 |
C:\Users\Admin\AppData\Local\Temp\QQEMkwMo.bat
| MD5 | 07bdec8ec410fd9ea2740430fd7d8f01 |
| SHA1 | 8f01af8cde3cc9ab9417a240bc6203fd425e8e9d |
| SHA256 | b1b95543c9f6445a9e93858ca72301d6b541d97d6ab30278e568bf7e9aac430f |
| SHA512 | 24ba45483a988b59c5241828f3f2c769382cc6b12be0aa485a420faa092b22ae45008f4e7da016e0be45d0cef5c4142c4e1422fc5afdc8e5fd69c44c513973b6 |
C:\Users\Admin\AppData\Local\Temp\gwAu.exe
| MD5 | 2508d47cd8d70ac6875560da784c9593 |
| SHA1 | 9adf96cb400869ca97dd0e6833dc0953f9604376 |
| SHA256 | d23a2cd88a9d1a2d3bbcc641a277df53c5ace047ddde36711402f31e3236691d |
| SHA512 | 8fc63b0e2c71f95133b1fa9c252b46bdc212f1ad74564b6a2a1b94acaba8e3dff2b5bbca1320228454ec8cc7422688cccd93586db22d11158dcd41e8e4dab47b |
C:\Users\Admin\AppData\Local\Temp\sEEm.exe
| MD5 | dd38155f68f58f8640098bfbb0925466 |
| SHA1 | b2e39ac7f2fc0a824efecefbe393054e8fb2b16f |
| SHA256 | e9f5af6146b4dce0c1a1e8edc86852d9172fc84571c26a08fde9cdb834856650 |
| SHA512 | 4e8ebe5a830a432509071f2acdab3cce55f68f13ce16782bbd6c1b896f2a4f1462a28aa964965e2084bef267486eb6b4cd30b71947e162a10ef5cb001e024916 |
C:\Users\Admin\AppData\Local\Temp\ZIEQEckg.bat
| MD5 | 8bebf35bacc6f852c2db4b50bcfbe7fa |
| SHA1 | 8496d564ee0d5012197996b8fba631a67834787e |
| SHA256 | e1a1f53fc607765f3c798e816ddc6299bca1697407a833e48f82bf7fe8ff3237 |
| SHA512 | d8fe77eaab1bb24a083fe611c978bc1e643b9c3deaca810788dad7904124c62ae873d881c8835214b508bca87da7022a9312fe676798570760cd4aeb9f11e858 |
C:\Users\Admin\AppData\Local\Temp\VMoi.exe
| MD5 | 910e007e7f73bff2496b5582ee7da4bb |
| SHA1 | 1309f1ccafbb536f9604b123673e900578284a89 |
| SHA256 | 75fee20589694265281871dc10c3f4e1c01952c9ebebe0f234ee777d79902e0a |
| SHA512 | 1a743a6fa9e73a04e64f858960f4b64e5a193e028d33fc9f2b2ad4005e11521d0bd18964e315554caccf8ac4d053be4c40637db89c1536d64dfbb6ed46ca4ba5 |
C:\Users\Admin\AppData\Local\Temp\AAMy.exe
| MD5 | 3e6fdaa1cb5049dd0d1dbf5cca5047d3 |
| SHA1 | 8d80db294431ef86dc7f7766a2efc3a7c055a98e |
| SHA256 | eaed1a14fcd696efaa80442cc86d3867b31dec5c32e43736b31a404ecae4435a |
| SHA512 | 5e3503dcd9058d9ba43ce590144d6d1b06194bd2a04597e1f121693f1e24dd67b979bd9a43b33a1c8d0d2ef19d48a1b339bd18b22e82ad19da5c4e43b1171b98 |
C:\Users\Admin\AppData\Local\Temp\XwwMwkwc.bat
| MD5 | 2112c130baad4fe6a5b101313fe1935d |
| SHA1 | b89c0f37f67d1dfc8bd9d337449ba19bcd4cf1eb |
| SHA256 | 58c8f464cfef8fd40ebc0b9ee8f77d28355210fbeaf86b73312e62d25cbfdbf3 |
| SHA512 | 2d78d411903e67d2925fc778f23307c4695b43ae85ebbd7ad114716a091d71f2a52a8229afe262853282697f34998c83328b02e42de9186ab31fb5bc81d7d372 |
C:\Users\Admin\AppData\Local\Temp\XYEG.exe
| MD5 | 4e78d1bdb17ef57311047dfba4d96632 |
| SHA1 | cba269e8e287970659f57c5991465353fdfba9b3 |
| SHA256 | 81567ce87388e1ba5a110e50ce4546ddade094d9b828e43180e124124857e519 |
| SHA512 | 4df8cbce300adf3146e222a0c7952088d560a944482889884ff3dc8159e1873ecd77e3aa317b20fa513cb7b319c43e2f2f954835442638ca8c42d53c6d9a80ca |
C:\Users\Admin\AppData\Local\Temp\HIMW.exe
| MD5 | 8302b96845b71b375b116d6d1038cf6f |
| SHA1 | 0e704e046f7f9607f013be020418863a4c752b80 |
| SHA256 | 4c8ebe7f401d43fd0343f97308604ba8061d9c1dbde17e99f5e7ee1924afa7d1 |
| SHA512 | a4f7763e174cf8c3bda6b416d7d7037df4678ef29560a1175643c6dee216c7e43c00cfd1a9f86972cedda5347c36c454b67fb2f74422d62aa1e88cb527d0ff6b |
C:\Users\Admin\AppData\Local\Temp\iscc.exe
| MD5 | dc3539f6359bdf8f78a32a16364c1062 |
| SHA1 | af4d6ec192a3a8aac13ad824c26aaf030a0c3731 |
| SHA256 | 88cc4eee1271cb840ca9258473d7d9799bad8f29c82c6dbeb5f09062d265ee40 |
| SHA512 | c002e8627c1b468339f7050fde9055c7251a0ef1be58b36f5470ef8b5eae598782bc95a9292c75d69b79a3dce388f7861faf1cb60651e68bebed40155abf94da |
C:\Users\Admin\AppData\Local\Temp\FkoM.exe
| MD5 | d1ba258162be453460a648eb1bb421d8 |
| SHA1 | 04c89a5c9c6fd3e1885337cf50e077e390cdeaac |
| SHA256 | eda350033b3a977090cafb09874fe11080b699bb6fe724112b687b89bc6f4987 |
| SHA512 | fa8341217e633a32f45ba38228b2ad1f02ba0fb4ad70e7b02fa1a2f23cb6df39820c964eb66d802cc95247d0a83cc4d9e37d46a39b6c0a39c912e369a4027776 |
C:\Users\Admin\AppData\Local\Temp\VucIQoYU.bat
| MD5 | d48de8ee351941bf7ceb5eac270681ba |
| SHA1 | 7e2152940b9908b380f8ca08451b307ce2fb19ba |
| SHA256 | 39da7b1b850daa32bc605f0b68b1cc46c248ae0f3bc92461ba618c541c375500 |
| SHA512 | 381da0eb39da3cd0148b39cfaa18e0aba72893a9f46d6faa42210f646811fabd951ba2423595b14ea67e71978fcd351bf10890da3f8c28825e712cb88941ae7c |
C:\Users\Admin\AppData\Local\Temp\MgMQ.exe
| MD5 | ffca7e70f16a8e95c90f5fa14e8a4f26 |
| SHA1 | a5a40619d14a222193c9e382ba644f88d406105c |
| SHA256 | 524280255bff4f256e50540b46bf3669859f813b24fe5f713cade31f4e13e247 |
| SHA512 | 94f755c83cfdc593503bf393c80d5293357281875af8b3e6e6f3516205502efb2c9556b8b48705d44b2763abc99eb24f4b380942f18559fefdd815e2dff002e4 |
C:\Users\Admin\AppData\Local\Temp\SgYQ.exe
| MD5 | 3a147f12624f3b3f0aae30fdc4b7d7c4 |
| SHA1 | 1a0084187380c09e12abb556db933f194906b9ce |
| SHA256 | 6ad4bbb5688d1dd94f37f7f3b2b69a804f4cddef02e47fe7130633479bc38f31 |
| SHA512 | 437dbf6e3477350ebb3e281b602d1481fdb31164596500e24b73dd28a37ffe4db9b8cdf9594edd515069997d1885215e3476ec0448c920d2291fe37ca31bd0d6 |
C:\Users\Admin\AppData\Local\Temp\asIEcUMo.bat
| MD5 | 476994e86fdbcadd56c94afc3d3b2312 |
| SHA1 | 74a0a317525d77e997a714ca9a378e7a86582cb4 |
| SHA256 | 1962ad7493afc075f2c20e060891ef29f07d0278bfc00c165957eb04381594ce |
| SHA512 | 13735289428481482b839c4cd8572df4f74b8a55ae25505a73e4f9f89bbf286c1fef547c16d22613373a8ac204fb8321b79f83f61b60794654dcfe467acdcbff |
C:\Users\Admin\AppData\Local\Temp\sggY.exe
| MD5 | b39dc8db133fe326c858f35b359d95f9 |
| SHA1 | d92f7ce5c503236f2ea493a481bcaf42a8dc4b7d |
| SHA256 | 324806dae988c72a4488b382d895d6250256e4023ec2ed0e9b9586280c57bf2f |
| SHA512 | f5e16602e058a1390ccd94b02b05ef6d98f038145be973513b1c988631d0ac1fd3b9befae3890d52ee10b10a3cbb4711765e4019411b9a1ceac40a7cdf57cede |
C:\Users\Admin\AppData\Local\Temp\uksA.exe
| MD5 | b52d32d76efb591f25f286f81ddeaabe |
| SHA1 | 0df108fcdfbf884c5c3261fe81b3882c527f0761 |
| SHA256 | 14963639a013ca948946199b4e18de3053e71b779d0d98bbb0045032bca41447 |
| SHA512 | d5ab957ae9ebcf24b98fe1655d72b41f767321fae06d5e628a9e0dfdc415a5000c3b7aed022d61886024054de42cbed123d80e5b0f74f0dcff1cc934449f8064 |
C:\Users\Admin\AppData\Local\Temp\PMIE.exe
| MD5 | a81520edab8de58ca67fd5d5ae3b99b4 |
| SHA1 | 52441b49c5321fce7a0c1bd478b2d2f271e55653 |
| SHA256 | 988487c56b1f02660bc5398f17fad69efd2f92cee8ab12cf024eb618cda6d4e5 |
| SHA512 | 1ca735a79238dca770447b79bab02dc1dab2da63956bc9c7b1f6b7769fbf6656bc14ebf9a342d95920866865b7620da0724c0a2ae88633809c2b75d2f26d1e04 |
C:\Users\Admin\AppData\Local\Temp\wAAy.exe
| MD5 | 69f8c8b75d18aae05a28e23854de04d0 |
| SHA1 | ce018ffb04cce04b420f930b261024a6fcbf3b94 |
| SHA256 | 982b3fd7457e03c4b5cb035efab5bf973c791aedf704c0ab55452d1db1c389ac |
| SHA512 | ddab741e39e0bfac48b26fa9efda29c562fd332cd784bf0ca36b67b95990f1f52a0b4a36e1dda80c786c4fa043030debbba38e58c8a3ab279eb9c702a61f07f9 |
C:\Users\Admin\AppData\Local\Temp\BkkMkYkw.bat
| MD5 | f981fd4396482718e7dc8803748b9eba |
| SHA1 | a452955ac1ac81db01a577573a23a84d389cc519 |
| SHA256 | 6365b0fbd3c71c5d01fe833815ec6baaa09fd3a0bae2200e9aa3011ea542423a |
| SHA512 | a2cd1dfdcd3c5a0947af7ff8e8351c1fe3ac9e0a1ebb13744263c934fb6450779fa5ebfda9529ff9871b31ce73f5f8feaabf7b27ab05f3391a0e635a1925871f |
C:\Users\Admin\AppData\Local\Temp\FkQI.exe
| MD5 | c89be3e6c169e0687fdb9e566ab189ba |
| SHA1 | a08f9bbf1c4596d7b741ecc8b9237cc338c90d39 |
| SHA256 | 5225833b253c602a47f4454ac5518e14e32614db60faa8517157966af30b1bce |
| SHA512 | eefa49ce64b472d6797d16a83bc216e4240ed284397d95bae681a8e951c6bfedc83b3839e51b658144ad5e82c4a755b2152ba282768e4bd9754b526fc07d25ee |
C:\Users\Admin\AppData\Local\Temp\qcMQ.exe
| MD5 | 748afee922fb5d7489d1ea13d9b677c5 |
| SHA1 | 1161862c4f5ab43bdfd7ab6ef987fa8a944ae6cc |
| SHA256 | 945ecca60aafcbe7fbf77c66f38a4f7034a4be0ed1e7f1e620426b5fbc34c980 |
| SHA512 | 01acf5c04b35094c9249b28d750c72550258cdcac4fde0cd94158853c9bcb02dbd34eac20e05f8b27becb7ddd4e829441818f24641bbf72512138d085c4fcc48 |
C:\Users\Admin\AppData\Local\Temp\PWMQkEwM.bat
| MD5 | fdea724229ea5b63c969fde8c46d8f01 |
| SHA1 | 6f477e2432aded6cba759e9600c48ea63d9c1752 |
| SHA256 | 42f5b7f286d0467fac757a70b9ff17f559aa87e6d464f82c0e98db79bedc7b37 |
| SHA512 | 041674fc3959cd96f1f081edbf38fbb6639f92d4bfff04cb1d1e004a8f3504e887b80a28127abc746e175bda0ba80ff25d0f4f526ffb32a63a8add162a068a12 |
C:\Users\Admin\AppData\Local\Temp\bMEO.exe
| MD5 | 37bf83984c7c9936b9ec690e6824508f |
| SHA1 | a5dfd512b9bc4bade510b8c6cc4b40b62d8a3fbc |
| SHA256 | 62dcf7021d849924124436c3851306d82de8f8d72daa7c39783c3a3a42556b69 |
| SHA512 | 020088f14b1753c73f277eb3a6fd555d26c0c3226bc17879a1a4765ac31ec48277fa05736a4104ee6f4b492cd05c01d3afe540e50eb20d056271835b7afe994a |
C:\Users\Admin\AppData\Local\Temp\DsAu.exe
| MD5 | 05b077043f151191e2f47665d9213796 |
| SHA1 | 9a62824a21b1c942f5701862c772905d029d0fb9 |
| SHA256 | fc0eb9b9d9fd7370e66cf89d8885ddff797c444384a379b89892edf1ea014fbf |
| SHA512 | d8a638c212e033b589e64ed0507a41b217c106f40ddfcc506b4e85c148dc4d4a125fce3025d2e90cd640d264d509fce7ea1ce4f11bea81cc663c5ac8ef8c6cac |
C:\Users\Admin\AppData\Local\Temp\hUsW.exe
| MD5 | 58b8aafaac51ef7d35d9bac74b529a4d |
| SHA1 | befa62853e4416601d82a0a65e94782addc975e1 |
| SHA256 | 749df7cf653fb51634cd7b34e001a777765fdce813f2783fec7d2a7abde81698 |
| SHA512 | 3636b7404590f7d98097f21d3d2c31498a2d5bc91245cd8ab03e266141ad16079b1b11dbd76b9b1548a7d7579f07b426e97f4c35bc7295939c2e53ab3511c458 |
C:\Users\Admin\AppData\Local\Temp\UwUM.exe
| MD5 | 54d727ae58a692d8d09144066d902837 |
| SHA1 | 881ee24b6679fc2a331cec0f0c5e991c17d0e58f |
| SHA256 | 3db0daaf82e37917b5a5f4dfec637dd28c9f5cd5ac9db6882d618c9cfcd3c500 |
| SHA512 | 4b43c24cc2ffb852903dd82c82807822335e6880edc0a890c3fd8ee316049d3c8803fbb2ddd8440af8ce9c96e5cd2402ac82bd46e12d4285b418ab6ad3a91bc2 |
C:\Users\Admin\AppData\Local\Temp\CgsIsYEQ.bat
| MD5 | c49b8311a2ea0fa955060b7d72ffee9d |
| SHA1 | 7d1b2af2bd21966f9901243fcf7c683e38e6fc55 |
| SHA256 | b0f14d803bd191a31b7de5b7acfef213f4c9ab97e9c50227e24baec218d10133 |
| SHA512 | 4af33b74ef6c59ca9c525cfef05d34f32d0530d8d9f72f21fc1204037c192a86b2ada878fd3ad19225ee51e8dded8d49ec845d41eea659d0a919ca3deaafa710 |
C:\Users\Admin\AppData\Local\Temp\MUYA.exe
| MD5 | 0efabe1f04600ae6712b83a7f9779fa4 |
| SHA1 | 40d1282916c491ecf0a2a325fc35e8418c2a63fe |
| SHA256 | 30d1c8d38880fb05320435f814b47a026d304a5923fe536bba5ea318a5fc4a6f |
| SHA512 | a28f1fca0ed353482a773ffa93f0d3215384af9d63d221dc4b44cc7339e2d199057a17188d5ef02d33a6b0d44da38d55712dac691ecf50878a527e28becab4e3 |
C:\Users\Admin\AppData\Local\Temp\oAgW.exe
| MD5 | 346165b2229bd8e2aa6e692e80928139 |
| SHA1 | 38a683360076dcc9669130200a2da2fe93b3109d |
| SHA256 | 53440d3ac35e83a069bfa105e5f1b9fd7f401806c44587ecbd51cd70baccd847 |
| SHA512 | 7cfcf37eecc16d0e5fcfd38fe3ff16aad9f77fdf62d003e3d3c0e20585e2c02a060b52f9302606548dd171b552f31909f3432a498a1ab1cc6d5c074f54316269 |
C:\Users\Admin\AppData\Local\Temp\LoQcQAQw.bat
| MD5 | 89b9b0fd00df407f87c01878f2fb526b |
| SHA1 | d87b24e548280de64d6b9f411f6ee29c938d1b2c |
| SHA256 | 642e4f31874d6bbdf0a0505c020071e9e24f65765ede6f036bcf51ffe8cfa522 |
| SHA512 | a7181fb951f7292ca55c5a750fa7e972ef900bc65489b870da7ae740b90adf6069210d2ecdc3c31f50566aa5402793efbefde884628dbc63b2571e164fb6ca07 |
C:\Users\Admin\AppData\Local\Temp\oMAC.exe
| MD5 | ca4706ddaaf9ade3c4ce1a151c031f72 |
| SHA1 | 3c4aead46af454ee22c0ad9bebba3e7b7d630203 |
| SHA256 | c4f075d227a25478ce4aa9fa920acf224b5c5f756770f485d2588d84a08aafc9 |
| SHA512 | c529f75120f95205a28dcd6ebcca458b989e08b9dde7bb21154c46a0602d5d9051fb64319b9ee7b6dbf398c97519891b67a133528668ffc18778645f83d2df19 |
C:\Users\Admin\AppData\Local\Temp\ZAgw.exe
| MD5 | bf999902befd7f7c00f89e4616131878 |
| SHA1 | 45250dd70091265d244364bd34bd5cb8eccc13c7 |
| SHA256 | e40e8ba3fc296fe071ba138d3c41c06db8d5d06a6f17449679ac93dfcceb7a73 |
| SHA512 | 27158cd72112e8f2384a321801418a2695eb490b3a26929769374a52c8c85f16930ff356697787b851d013774b8a8576adba75367d8cb4f10b7317d1e6af3ed7 |
C:\Users\Admin\AppData\Local\Temp\yMYW.exe
| MD5 | 1cab6ec330212419d312754685a22b77 |
| SHA1 | 12dd3ad2693ab4776623bfefdc0d086ef825dc7e |
| SHA256 | 92fe2940cb1e4ce5f02fcb77aa1f377aa38a9021212ce0888c4d2cb1409c194e |
| SHA512 | 9c5ea4c255f3d5b585ae8614651078c25a95f1b4d3ae67d195952ed92a2ba697774d96caf7dc5f797c3d7b03bccf66bc80efb7ab9b257e7f280fe3c081f5846a |
C:\Users\Admin\AppData\Local\Temp\nYEUIQcg.bat
| MD5 | 29ad0676b0a1235587278d807874e74a |
| SHA1 | ff5c97615f05636d47f9588ea2350af6750ab510 |
| SHA256 | 4f740c19ae161ab07cf2b890a11dca517bdabb327a96494d9b101d05567a3efb |
| SHA512 | 5a66c8cabff4262f5febd35b2b2b4a002792f76ee4a60a2d188ad54e75bf2fe19b93d29097cd429cd46d5ffd493d1bb8aa10eaa51650a4245783a709f62e363d |
C:\Users\Admin\AppData\Local\Temp\rEcM.exe
| MD5 | 3bf8b708476acec0843a5ba8d3e7ddd5 |
| SHA1 | 7d1d64431b3f09d24a7776f6f07456bc395b7fef |
| SHA256 | 9644c637d535f1a61e827eb2cbacdf6c368569348fa8f7a9784417c0c74c8901 |
| SHA512 | 9f584683a4f9fd14f9e50bbe8dd753a544a2daa4c9e8b6a9c3c1c8e2068cb3b64dbd37239a1c68d0f4dda6e48cee534d734b9af17dd0efa24e3c900211bd40c4 |
C:\Users\Admin\AppData\Local\Temp\jYYS.exe
| MD5 | 2835c2f6eff6871a77c7374741fb79a2 |
| SHA1 | 6d51e93459893b8a88ce5b8a9218627f216330e0 |
| SHA256 | cbd0f4835ac92f7e966c644bcab4c93be1716825d82e5f784ec30d14ce33082e |
| SHA512 | 7c416a0bcf8e1183fa7d055ce5ba34fa8e666212ce90d8ad65f5c85d8cf7d36d603b80dec24fd67820f94354c82354a6bd4a6fbec831aac0353ffe7d003d4b2c |
C:\Users\Admin\AppData\Local\Temp\PcQq.exe
| MD5 | 4a1bad120c5f05859f08f922c8a2bc21 |
| SHA1 | ba0b31b9dc4cb740aa09a4e5821907ac9ea9bdf2 |
| SHA256 | e751ddb86fa08f241a87309c4cce05b4ba6d2b7de089043b4fe435cdc35df4dc |
| SHA512 | 3b27fed75b04463e78e2981c3ef942cc5a493aa4e06d9fcfa955a2a3f45789652b4bd6c1a7441779b8620e5e6d30d325d88d56b39919621d086d50809f14304e |
C:\Users\Admin\AppData\Local\Temp\zcky.exe
| MD5 | 282fef1b7722e109874cb1a6afe52a5c |
| SHA1 | 537e8be80157422f7c244dcb4d2d12f2662265d8 |
| SHA256 | acf76b81fc8933b491dec6272a0d494eddfbe94677123ceeb2f4fc9336b3dabf |
| SHA512 | 590aa2133132bc2e82f213a2e2ae1864657e7c73cfe1e728f93e40c47c23af601e665ba5af3070a9b7312d61e53c7a263bac3df738b14baf2c4b0cdb6dfa428a |
C:\Users\Admin\AppData\Local\Temp\PsgO.exe
| MD5 | 474a58b8775d7c90a373a0411810b171 |
| SHA1 | 0b1b5361f431b26b64fb7424757129dac8d750c4 |
| SHA256 | 3f64c265f41fdb6a0c78bb3d3afa521c543e315cae8c98577c8852c40031994a |
| SHA512 | 2b3f0eaea13eec98b5306a39b49e8192162b1c82e77395fd31ba17bcaab88da6480aee19c334d1b78af3d72b2c8fe2d3b1ba80048c456aa3be6e1b3a3d1e197d |
C:\Users\Admin\AppData\Local\Temp\pIwcQEMg.bat
| MD5 | 4f9fe515ccdb4ad43c160f0cee1aec3b |
| SHA1 | 3769f0a0a27e0d6046470efe66cef4da3cde4ef3 |
| SHA256 | b0ddeeca49ea99f3fbe4a4ed2068b852dae6afee2d8bd98fb6b94c5962be158f |
| SHA512 | 095d64cda072f82ec9b585f22e62d33f1d7372c69ff9666397423f13e947bca20c1475e75bf92e6016197cdb1f38e130ba7fcaba97d173893dd8d9420fbc2768 |
C:\Users\Admin\AppData\Local\Temp\mMwO.exe
| MD5 | 1dd0f0459036dffae5f996f8c661a5bd |
| SHA1 | a1e393ab1a6697e79e0229a3e9c28b45e02706aa |
| SHA256 | 3d91bbd02da17f5ef702b846d4405b446d1e152023bac4f143f2103deee5049e |
| SHA512 | 29c2ba82c26db2139158d71b008693294ae64148fe3b767c9615dc6794090efceb7f76faf86c879a878d619195cd3e01e617c57260d6a9cc5187401e3f77eca2 |
C:\Users\Admin\AppData\Local\Temp\gYko.exe
| MD5 | 1c8fbbc89f9e6ceee762d4b99c948c9c |
| SHA1 | 236bb0bde58f3f842bb8171fa1d625fced24e2ba |
| SHA256 | 7c2e67f42e422048e9c3852515567e72c57e4a8a1cf130623b986aed9c6d2dbe |
| SHA512 | 854f468452efc1bc2d10d06c2150aa65448ab30a9e9a8cf8be3551db0e0799af24a21fe1c4e57091ad5cbd6d7d664800ce0418572482ff40c2d125ace04b4807 |
C:\Users\Admin\AppData\Local\Temp\mksMMUgk.bat
| MD5 | b24380c03ce52314a37394292c0c7422 |
| SHA1 | 900b193e9c0b5ff2f9ba443b8a8af2cebcd18c02 |
| SHA256 | 1ad4459851e0206a97c06c8cf244b314bbda2d303352c27556987f0273428632 |
| SHA512 | 810404415eb296c3d32cbc6004529337f8cdd051a8dfe91f4573fbb69f44c4a828659dd9f9b5ad8200787792f96c85aec33b30d3ab1180ddbdda5d5699bc44bd |
C:\Users\Admin\AppData\Local\Temp\sockYAsY.bat
| MD5 | 317d37b0edc7bd7cbd25d97f53a16ce5 |
| SHA1 | 18c9667c2999cabf0f54d2a87d10ee9d15aef35d |
| SHA256 | 06efe37f5e983469e8609e7af8399f4bdc5a80d361247a3a732ce4bec4fdb826 |
| SHA512 | d47e006282580432edfca63eb7883fe28b304d7a51cf99a5b5dc85aad46963f2b0a514c3cc53983cc4a25a6a689adc85a20b81344677ec5ea66fe6af2dc9d95a |
C:\Users\Admin\AppData\Local\Temp\VMUw.exe
| MD5 | 58c6c94dce3f38771e9feeb231ca1ac8 |
| SHA1 | a75b1bb99b87a3736aaf8b8ab0e21da91667df12 |
| SHA256 | 387f0d3fe094081db669a43eca030363fc5c32a6cebe9386d90712dc666b769b |
| SHA512 | 49493f1cc0de8f75048bb009fa705ecc9dc394592c67e7c431d0b7aa1ca795e364c6a910646daa8ec8601e12bf7eda0081c5b40dd0713177f717b0606ae96046 |
C:\Users\Admin\AppData\Local\Temp\lksg.exe
| MD5 | da2a371ecc1362c80591b1791566fee5 |
| SHA1 | 8eab5f597e46242bd8fefd4f81089c5548115302 |
| SHA256 | 397b6c39f0a4ac3fc12f758b9f61af9461a9872b763a5ac644fc803270b826ce |
| SHA512 | a4318526cfafa8b97d9f082da850d1b82b9122a3a4a8d007995c193da38a9c681e3f1473ab43d77101d5adbb131f0bf62af6393d499d6999f6f2c42c80c4dbdc |
C:\Users\Admin\AppData\Local\Temp\kmocYwYk.bat
| MD5 | db3262c38a21f5c1b48ecb03f379c190 |
| SHA1 | a87cdde6bf74593c79ecfff211ca94386d17499c |
| SHA256 | 4c8fda41e71cec4ecd3d2019354cc0e75acdecb5785ac469400dfe3ec56a4120 |
| SHA512 | 20df52f1a23825b79bd0b6484f35bdb95a47bd7a9b0838160454943b749380584149dcf77e2a14f18a89252276db70badcc5939a1536fb9bc750b3c4bfc93184 |
C:\Users\Admin\AppData\Local\Temp\DMgO.exe
| MD5 | fe2a3a5bfa040089f994fa65e1c4a054 |
| SHA1 | 39f50f569cc26d23f15e1bb1ca84f911e2cbf28b |
| SHA256 | 1083266fd788929558cd345c059db4565b9173f61124799066827b928adff5d6 |
| SHA512 | 2f25e0257d5918206c2d2040788c559b49fa5aceda369cc71e26221707a0e9019cd29c7f5699d9348ee9e278bfb64a270c890a502392237981e23d3cc9ad13b2 |
C:\Users\Admin\AppData\Local\Temp\OQsg.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\sMYO.exe
| MD5 | 3ea865f55e848b4c1bab492fbeaeb057 |
| SHA1 | de413d4f72b3fd2506c97d50b52dbb56485c004c |
| SHA256 | a76c86be8b5da84023d0af6776bed8284ee72a538db56d8f6fa316aeca012ba9 |
| SHA512 | 01176ee4ee63bb77dc197b85550040952a1107d4b560285b5d8bd623b5f8e1d406e1f4e719a2ed4af81aae108f9993d73ca0e2312b7062aae8b6cf8c708a690e |
C:\Users\Admin\AppData\Local\Temp\DccS.exe
| MD5 | 2943b1ae7d403b47fc68d3ff2ec801f5 |
| SHA1 | 505d9a06bb5da0ba21c32d1d77e8323807ffbdae |
| SHA256 | aafb1f25bec40a7ebc4a3ee994fa3a00c5fad4d29a9eff677a80dff45bfa3da9 |
| SHA512 | 1e15ec1bfa491ede55bc297a5463c83836380cce7878778d1fac4b6054f31c0d7ac25fd3ab301d2aac2871f645b31b7003d9643cd798eb5dc3481ce7cb7e4b1a |
C:\Users\Admin\AppData\Local\Temp\ucMs.exe
| MD5 | 9d3cdbc4bc66b58f84a311534151209e |
| SHA1 | 7ad96334f3503d6ff99487b19d85a6fd6f49e2fa |
| SHA256 | 2dfe3cbc60b19a18ab7087890c9530d01f297572770ea214189221540f2febca |
| SHA512 | 7cbc5c813a98a0ebd7b69763284f0f0efffe1428bdccc45bfa05d423432237232470be648f92d6c8820e745faf1be999afac998c4949f6473e0a4c56d209097f |
C:\Users\Admin\AppData\Local\Temp\KkYk.exe
| MD5 | ad0747dde37ec4cda67839a393fdadb7 |
| SHA1 | b7c45a8706ca4e4686032a0a5d2fe79f0a28149c |
| SHA256 | 6be4f4aff6c5fcca65ca437dcfa67ce5bf516b9ea788cbb2ea81b3634dd58df5 |
| SHA512 | c218a6103b66059a8c40e4e90fb5b6584b887c545684929e5a7d548d872db50de1a3ab2b2ea5ba1bda73dce7d394995c45a41391a52fd61ddfac4c310693d4f2 |
C:\Users\Admin\AppData\Local\Temp\SQYE.exe
| MD5 | 2c35a2928f8169dd1a607e5f393d353d |
| SHA1 | 83fe8827b268f8944e3e6ea9783773742ea392e1 |
| SHA256 | c187d67b50f35ade4f98d6d84824ab0b9d4152f1aa36aa047528f091306b0652 |
| SHA512 | 9ac635a8d18e7f1a3d160305cd4e44197fff87f7e9852ae5ec1ac8a21fcaa3378f4852b379903eb316bf2faec2c5d81ff4fa291be1e6129b6a3a3e0cb186bdc2 |
C:\Users\Admin\AppData\Local\Temp\sacQEUMs.bat
| MD5 | 7640f0c7d1d2d81d957baffc89d338ac |
| SHA1 | d29d303ab7ba60be783d2ab5fe60e319e24294ac |
| SHA256 | 3982a664020ec3bb0ebddcc2d63cdc0af3c7b4a1afcaba0ea43ce92019273112 |
| SHA512 | 39044f6fef4613f23b4f9df3496063529ab8209db16e56dcac8be468d60df4e0b6c0d44e59868641bf0ce15fa164cfe47d006ec954f1b239cb708dc09e186501 |
C:\Users\Admin\AppData\Local\Temp\nkwU.exe
| MD5 | 8f0d86c30d36a4f3b798e6c5540c7d05 |
| SHA1 | e03b69787f68c696b71907055bb4621d3636f687 |
| SHA256 | da353309c369d10f8e5497ddd9d0a6e991a6ef60e3fc4d3b1dd89390dce65706 |
| SHA512 | 5f8debff2dd94a9bf155658e9bde0a98c8226aea039ecfcea61ad45cf89a1d9e4437fd71c1d8843ce90a33bb9304039e476b008ed01422e70d7ba493c75151c3 |
C:\Users\Admin\AppData\Local\Temp\VsgE.exe
| MD5 | 5f129be44a897fd3cb6416f7006749d2 |
| SHA1 | 24595dab45a93957c9dca41f312de8dfeb315cd1 |
| SHA256 | d037d9fa8bd3a8d9279b209dc255623dbc224e97162f39f9dfdd5636ca1d1f89 |
| SHA512 | bab53c9a17fab8fdf2b6bbd26969dcb16607b8c6e63a2286cf5386be37a8e0f472eb45d931cb8e23aee9d3976671c9082fa0cc3fa9bffb774e5c089d4fc4866b |
C:\Users\Admin\AppData\Local\Temp\DIcowooY.bat
| MD5 | 0b36150471d46199da9828f4d0e20d4c |
| SHA1 | ad03e03f5afccda54841b887bad90197566d15c0 |
| SHA256 | e404da1d222ed7543ea949b921f5c3bc3935b53934c9ca28c3e3ab43bac0edfa |
| SHA512 | c87f45392541286b919de4835597c544ece00c2de0e6fecd1f276e520c19fd6ea7a7e2534d45ea34e5fd732b965fa1055d8738d8c44bdc7513d1fed1b9e84161 |
C:\Users\Admin\AppData\Local\Temp\nWcscIoc.bat
| MD5 | dd4b2215708e9fc11e3819fd74992e89 |
| SHA1 | 41126842b41a66b1ac5ab58e50a795d0e12e5241 |
| SHA256 | 1bf521f18f9812fdc63e6e780532f16d63610ab3f06bc9fcc48e6f9daa0fef36 |
| SHA512 | b4b09da3b9161dad4a9984855759b69f2111d0ea84c383c5871923d37ea9cb751f4258991cb0f53968ab4fbb8b888de57dcb15b8d7b700dc48a16aaee03a07fb |
C:\Users\Admin\AppData\Local\Temp\ryEUYswc.bat
| MD5 | 3995771670b257db3ae355bed98030b8 |
| SHA1 | 3bc26275ae120873308a89bf0e9b1a1fbc49b398 |
| SHA256 | 6275ee8b8100ffd32e4ce1e587b3718ee33e8c7c077f960097390275cef07532 |
| SHA512 | b96684baba1110afb60afa0719c469f14337e9d65a3822ca64b06c2bca19bb88fc452cd4dd532e4d8eb4594bf6e9320734b8f47d385a18e4f6a281fb13a1798a |
C:\Users\Admin\AppData\Local\Temp\UUUO.exe
| MD5 | 0c8380c210bf239c22c841134b1863b4 |
| SHA1 | 50ca3cc1c1ba7ad7e50bbeaf63c3b2d2f7bbe94e |
| SHA256 | e39309a6d071b61a2dbdddf8345bba7ac68e8b575cf3482899a7cdfbaf679a25 |
| SHA512 | fd5c9aeabf6c10ec74c051172ef72e59f056ae54743f198f339e7f11b5c9d67eea919b723b6b7dcd353fd3765e388836196ac9e0d8cb48085963890bfa75b6fe |
C:\Users\Admin\AppData\Local\Temp\hQgsksUM.bat
| MD5 | 8ad66dc550123b78d7496db30b171022 |
| SHA1 | 84df444d24d1469728cfb398ded82f0238fd96ae |
| SHA256 | 597b929fc8aa6c0edcaa350c9a41bbb0b17fb0ec1553e3f576501e7395b94df1 |
| SHA512 | 4e5c250715651fdfca2d0fd4dc204ffebbe850030114143106748710e6ac51c0c6d07f0046a0c2592dac107113fc9573ca59d81f2dfd5223eb8139cffcd0cfca |
C:\Users\Admin\AppData\Local\Temp\DIgskcgQ.bat
| MD5 | 7b9b8dde663698f985b4e146ee04355a |
| SHA1 | 82f4c18da5b5402734c3c8b0675a8a1743880fe6 |
| SHA256 | 526545764d2576d051b34e1df71ab600c4a908499b9d797f5da4a40de18a5eaf |
| SHA512 | aa9b8d5b17c141402e8e9743be4e3904450d2b0aa8df647514faf81d57836554c46e7f3768d5cf0958a6205bb0d115e6872dce289fe76b9ceb36ea4e314bf51b |
C:\Users\Admin\AppData\Local\Temp\haQAAgcg.bat
| MD5 | e0f82a974aba209cf5375d988b13a57e |
| SHA1 | e9cc9cf85671c16cb6d6eeb1bebd55a8861b099b |
| SHA256 | 5cb88f13ab3435891f98742297894e05beb0b4b3cc6ab7e3583f8d3409097003 |
| SHA512 | 5716448ee701b2dd312aee7619b94e9316e7e049d121a21b1bbf21d77609fc3e0a728ae8d3de287599a878dea012e24026166bccd63c97ae5a0056a9f7a1cd90 |
C:\Users\Admin\AppData\Local\Temp\EcUQMMkw.bat
| MD5 | c8a065252781b54b806f21441744c66d |
| SHA1 | 269c0f56ea549e9e3674e21b295135165898780f |
| SHA256 | db65e675b3e85a0ccadad254160bfb5739970a899adb4a4952c03645e87458a2 |
| SHA512 | a376f2122d6d0edf4226b9f8cdf9bc1db85c2ff8fe3ec6c99cc1a80501a1458901386d1849fe321bc1299605e7dc6c95c50ba12a39c51f6f7002d9563286d45d |
C:\Users\Admin\AppData\Local\Temp\GYAkoQoA.bat
| MD5 | a4b6208c55774bc08bff988194417077 |
| SHA1 | c224bea22dada62e8b2c15c27e1a46ca3f497b17 |
| SHA256 | f529df0ca8f0a0fdf2044bf9c57217a4a5a4ccf93730615925b198a3d0f15ec7 |
| SHA512 | 9be778131148fccbee9bfbedbc1d8beb4e8f4eb7ea6d57a82d37b8f191da8ff0800432fc2fa7f0e430fdfc26337e107660ffe2503c4287c4b5a3634c18837423 |
C:\Users\Admin\AppData\Local\Temp\mAwwogsE.bat
| MD5 | 9f70df04b38acc5ce1a80b11a5ba61b8 |
| SHA1 | fd8c1296ca37817e3311f9d1f3575bc018fd2425 |
| SHA256 | f8a2793df5c524055b94a42edf277aef800db31d8f1c27de1dd3f727987c5f90 |
| SHA512 | 78447c0a9dd138f65898c3bc0a6e5f616fe95cd3cadd978a422442e067066a14c45ff0e0426cf0143ac4f5bcbd5ecb0e3105e60d75b3b6eb31952be1c48812dd |
C:\Users\Admin\AppData\Local\Temp\QYQAgUMw.bat
| MD5 | 7d85942318257a2f25b20ba3746ab105 |
| SHA1 | 9c9efa52c7ab4fee9a1fcb644d3dc832ca2740a9 |
| SHA256 | e2cddb5d3295c60cb5712d98d84c9d3b877bc1baa6f39a3656111b3d9be8d749 |
| SHA512 | 67325b7ec08e096da08fc5d9c39f4e4cf4d7615a289688f80c65d82ab99c69315d6fabdb556361993d0f1ffe13413d874e83334795f3bdf221290d161a7a3483 |
C:\Users\Admin\AppData\Local\Temp\MwoEIQoo.bat
| MD5 | 3656573464c31d285f5de4304c4d91d9 |
| SHA1 | dd444cf4f7914c34db66572b25416f6349fc2159 |
| SHA256 | a152bb833fd4c07aaff46f72c26a8e78b958a1503b16f806f16aec4ade1b4835 |
| SHA512 | 7a7ae5564b9223aafda8aeef0f504d2a924aeb4ee2a5f93d4a68115bbf7099e6887e471340a62816863ac44f8e074b236c31550c6a8810db4ea6cada2ab8a951 |
C:\Users\Admin\AppData\Local\Temp\jkwgMAMk.bat
| MD5 | 97842759cfa7ba7e7d80d5adfc135912 |
| SHA1 | 378e31cc89082124bf49af4e0b6564d0167a2b97 |
| SHA256 | 8ca9402a6ac9a7ea43a42fca9f6ee8fa32209cf30106e6e4f2506d1434a04c0b |
| SHA512 | a1e95df3c43433c7ecfa4da7bbf99b5a540e05510aab44a3f560761ab672c280d96b36ac0ed57b579a28c4259bc049555ab67c305746ad3ec8067253ed6c8526 |
C:\Users\Admin\AppData\Local\Temp\xcwAQYcM.bat
| MD5 | 98c6ba8e1bd7e6c95aa9a19357cf314c |
| SHA1 | 058b47ac5a58edbf870032eba50714434382b28b |
| SHA256 | 37230399b8e7947732043a1303a036889213c79819dfbd5a3219a23d67a2ffb2 |
| SHA512 | 6ccfdf665de3c1f728c8aca5ed56d65951b4bc582bbc2ea2f30981703c658ffdb73742b0a0ac27e418e7ec9f45e258eb6af83c1cbac647f25de6e63ed4a1d997 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:37
Reported
2024-01-25 17:40
Platform
win10v2004-20231222-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Kinsing
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
Renames multiple (80) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe | N/A |
| N/A | N/A | C:\ProgramData\YUEIYYoU\MkAEMMUk.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dIAoEIcE.exe = "C:\\Users\\Admin\\GSAcYQEg\\dIAoEIcE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MkAEMMUk.exe = "C:\\ProgramData\\YUEIYYoU\\MkAEMMUk.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MkAEMMUk.exe = "C:\\ProgramData\\YUEIYYoU\\MkAEMMUk.exe" | C:\ProgramData\YUEIYYoU\MkAEMMUk.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dIAoEIcE.exe = "C:\\Users\\Admin\\GSAcYQEg\\dIAoEIcE.exe" | C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe"
C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe
"C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe"
C:\ProgramData\YUEIYYoU\MkAEMMUk.exe
"C:\ProgramData\YUEIYYoU\MkAEMMUk.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiQcocUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYoQMocQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgIAwYME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EWsMEEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQswIUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYkMgUIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OGgUEMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEgAsIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMAkQMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PgMcwAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAkkUAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\McwAAQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGgQYcco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUEkYUoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ugYcUgUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AasUscks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCsgAsIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\feQosckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pcUsQIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hmgkoUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okAYcAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEckcgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aGkcwEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VaQQIwYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsowkAMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HocMMgUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IyEYsMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oiMcccIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsgQgckg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OCAogQIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\koggAUQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWgssoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fasEgMAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BSoMYMYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aiowwQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mKkAcEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Sgwwcogg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NioMwoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgMIwkYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RGgwcAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcUYccks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkcoYIkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaAQIIUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EMUYUQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqAsMYcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HsAUgEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqAEYQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymskEQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KuQwEQQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSQgAUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AeggsgEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiwAUEsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqsUcQcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAYoccso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIMIMMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOgAswgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAEgAIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CoAAcIcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAgoUEow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vucsEYco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIcAYUEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoMgAIcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kecMksMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQQAMAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MUMEYgYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AeEoYMgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwMEgMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PeEMEkMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BwIQMAcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TQQcMMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AUAsQEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQgwIYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaIQIsIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LcIskscQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rOQIAwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQAocUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AQYsQcoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmoIAAck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmYkQYQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmccEUYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUoUYkoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZgcwEAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZiYMUkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSAoAIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IGkAAQEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ksQswEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gioooUkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UQIYMoEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bQMYoooU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSgMwMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bAcMIkQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwsQwUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\keIgUsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOYoYAck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCQscgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAYQccMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pIYsoAMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkwIIcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uEwgwMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WCoAQUsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OeogwckI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NoocUQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAcscAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqsUockU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XwIEAIEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsAUQMgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QysIgEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qIcsAQEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\beUUwwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juIgkUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkMYQEwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XmAIAQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ucQgcQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEUsAsgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oGQUIswQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TgQIAIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkQskUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jiIMYQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dssYsMEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mCMUQcko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWoosEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkUcQwAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DWgcUUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAUAAsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYsUoAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xGAwEscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKEAkEgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWggcgIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYMgoQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ayooMkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nyEswYgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VoogoQcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWQMMoIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lYEkkkUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gekwMIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YesgYAMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiwkocIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEoksMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DesIkMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmUkIEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hyMIQEIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.77.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/3988-0-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\GSAcYQEg\dIAoEIcE.exe
| MD5 | b13dde14ce4258e2c6a3e98d8a904f96 |
| SHA1 | 947de0e02f8bb584be3086501978d85e194966ac |
| SHA256 | 0374c29503eea3667d3a18e4a12d5e4e5363a0f421c793f8277fdd01bf2b7329 |
| SHA512 | 169dd85f16c23574f3f618c17932bb624495295e44263331687a5c067cd6bf81e04018c3580b5f966239456675418d47d7faf9f6890c4397a4681d577becc86d |
memory/1636-15-0x0000000000400000-0x0000000000432000-memory.dmp
C:\ProgramData\YUEIYYoU\MkAEMMUk.exe
| MD5 | b006bc053155ac8ed460b74111a19f50 |
| SHA1 | 58e05ae080037ca405e51bf714d2cabd84a5aee9 |
| SHA256 | 5b6f05f013c12b2ba66426270addcdbaae41d08f1d82974737457a7e97586597 |
| SHA512 | 24c0ff0acd14997fcf907054917c14e6464cf4619a1e3597c8147740d67fab1090b961201d9b8744d56caf94dbca35db5f2338f4f0f26ca8ddaac139cf7e901b |
memory/2408-7-0x0000000000400000-0x000000000042E000-memory.dmp
memory/3988-19-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3640-20-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PiQcocUg.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ce621c0a61fa467b80d3942f722fecab_virlock
| MD5 | e0a80154e2c7c04bdff156ce10733245 |
| SHA1 | 1c79f105e609481391cd58ee99339abd10dc8926 |
| SHA256 | 19a3fe8192c7b0b9062dbd36d0223aa2d4ed15e571e2a16ff5090297b268cc21 |
| SHA512 | 1fe4c9c18322fe7fa2bae34cee82dde8aa1d99bd798fca8486a2a5c857e6c93f645dc0780478a827574cd46492dc61a1b9044cbf8f101305552107f5f4c07e10 |
memory/3640-33-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4076-42-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2172-45-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1088-53-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4076-57-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1088-68-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2528-78-0x0000000000400000-0x0000000000438000-memory.dmp
memory/864-82-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3016-90-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2528-94-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2208-102-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3016-106-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2208-117-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4516-127-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2324-131-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4516-143-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2368-140-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1888-152-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2368-155-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1888-166-0x0000000000400000-0x0000000000438000-memory.dmp
memory/384-176-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2516-180-0x0000000000400000-0x0000000000438000-memory.dmp
memory/384-191-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4220-199-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4536-203-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4680-211-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4220-215-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4920-225-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4680-229-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4920-240-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2172-251-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1468-252-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1468-263-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1580-273-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2496-274-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3436-280-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2496-283-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3436-292-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4992-289-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3416-300-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4992-303-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3416-311-0x0000000000400000-0x0000000000438000-memory.dmp
memory/372-312-0x0000000000400000-0x0000000000438000-memory.dmp
memory/372-320-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5024-329-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3576-326-0x0000000000400000-0x0000000000438000-memory.dmp
memory/3576-340-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4400-337-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2564-349-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4400-348-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2564-357-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2128-358-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4636-368-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2128-369-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4636-377-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4560-385-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5088-387-0x0000000000400000-0x0000000000438000-memory.dmp
memory/5088-394-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2724-395-0x0000000000400000-0x0000000000438000-memory.dmp
C:\odt\office2016setup.exe
| MD5 | 4afc366c83046ee5066e1cb8972339a6 |
| SHA1 | 8e9c920261a186b9f9171b0b668eef956c886581 |
| SHA256 | a9089f078fe4e0debef149ef1345466b4ce7792fa3f76da08950083e397d89ac |
| SHA512 | 97ebb37e2692039bb3885f81c87b17c678c988f311e2f42ba2083868d37d2b9fc23fd22f31add3deaba2a198c3bd0f3547ee9bcdf53939a0b13403d15c3ba586 |
C:\Users\Admin\AppData\Local\Temp\YcMS.exe
| MD5 | b62aa6d5fd39438a40ca689ef75fa7af |
| SHA1 | 4ccffa9f521f5f88ef13fea4b83ef9fdd4adb55f |
| SHA256 | 2bbd0094e930027f414b809a51886afbfe3db08ba848c1acb727d4ba4dd63410 |
| SHA512 | 2e15da21fa190a31716ec1cf94980d16d253f8c13af42b734d4aba7e2bc4ae20b3af58746302322f35692a28d7229daf713e9b5c359cf0926ad86b5a6351e9b2 |
C:\Users\Admin\AppData\Local\Temp\Awcs.exe
| MD5 | f88d1801ceee7f822f9467c4f8acbbc8 |
| SHA1 | 5c6def0bd2b45b67b6ce8f8c989a6af08af62850 |
| SHA256 | 88971970355db08a9cde9712b57061e96c809c04ce41b2114e987972d06ba8eb |
| SHA512 | aa1022d25f4829b3eff7433ab7a8301de3c5f3f3fb6e872c1d096047b5654ec93c38746836f775df16d1803ccb6ff9a2ba10f3b7c83595ef31a4065e011e081b |
C:\Users\Admin\AppData\Local\Temp\UkMm.exe
| MD5 | 555e26179082d7d503ffe52bf6d65eb1 |
| SHA1 | 60fe63fdb473fbd19bdd4d48637f2b732bc6f2ab |
| SHA256 | 24f08ecabed4a806fcaa4619000b372da43d4dd5481daad1158b41c658daa92f |
| SHA512 | aa47ce6ba2a9cbf11cdc0fce0d0fed48432cdc44b4237649ef3e1f8d0b0e9f47ff62ee975388e0ec145f7a934f22074e3d020d4f1d9ee3c24b184c6801ce7c35 |
C:\Users\Admin\AppData\Local\Temp\cEEa.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\iAMg.exe
| MD5 | 4ce8b127f86317d5b21b2f78121c4123 |
| SHA1 | 3d6ba7f61679384c960029095edba6eac5ba8895 |
| SHA256 | a956d18ff5b4a14ae49a09b39217f932fe68e8f541563632f44d12a06f82ec29 |
| SHA512 | f7dcd51e3db6346110e53943b441bc32e7eb3e11c52e3521154e350b67b43c8f71e3482414313e81214ae98eaa3f09de0adcf19343bc75d332f4758df2dce68b |
C:\Users\Admin\AppData\Local\Temp\AMQo.exe
| MD5 | f45f739e6af88bc2a6785a9ea2ee31e0 |
| SHA1 | fdfe15c36cbcb7b3a40f427575d8791c5ee45d9b |
| SHA256 | 3633fc99053b8745669fabf4282d517a283b9c1b38ee1bf24ba05d14efd0c022 |
| SHA512 | 9870a7809c9dd4f509f9db98d1fedc464f50affd8d1403907836411fc50d2d3af7ab65aecff01c4226a3c6cee75eef97b1a6aea8afff2283e12f01e1010ac517 |
C:\Users\Admin\AppData\Local\Temp\uQEy.exe
| MD5 | e51008224b7e59123326c5c01f5fc81e |
| SHA1 | 36ddbe2ee3f543adb467e4323cc8827bf53a0f69 |
| SHA256 | 4d697618bf4383dbdaf87379e60efe310fc2be18071642b45ad3f79f8f18945f |
| SHA512 | 1ba8ca5fd0a5a63d8e5213b21cea3c206b743ac2ae6d73273fee9dc4159a148596ce4fc952e7f7d8638e40e119efd72938db128a7efb09c444a22fd2e30422d6 |
C:\Users\Admin\AppData\Local\Temp\gUoC.exe
| MD5 | 970d5c7519ce5f55197b881976c67ba4 |
| SHA1 | cba355d32801538a7724a7fdb90a984d3294100a |
| SHA256 | 44ab6c40d340f828baf1f914199b4cf3124f951e7135f5a3e5a90b5d970e0ee2 |
| SHA512 | c3ac2c8a78cf7307a2eaeb357fb99d833f59ff27a1f54ac693ebdbf194e86eebc5d62ec8f8f1de2449b8093a367abc961befacbd62d2893f971696b1e78ea4d7 |
C:\Users\Admin\AppData\Local\Temp\swoq.exe
| MD5 | 3ac5a437e9f263743637af5c1be38023 |
| SHA1 | 5ef9be4fd74f888e757c71c9af27334af5b2a9a9 |
| SHA256 | 50c5083f5d51d323c267c5c6d8017f457f231e791d2841ed5c8ac14797cdf8bf |
| SHA512 | c68b7186ec252c28e9fde3cadc2004f90d96bc125e5bca6d0076d3572547925122443dfd002e7ffa54e863d1bdb2bba104925007222465245b866f7c8cc94915 |
C:\Users\Admin\AppData\Local\Temp\GUYa.exe
| MD5 | 916af75119afe5d131a868e92ca22b5e |
| SHA1 | e3c61e3aa4b4002a43ebd4371cb52010f5d440bb |
| SHA256 | 94c8dd9ea9235555c4dabbd76e59c5ce7a34753848a6df7414c4725cda653033 |
| SHA512 | a5fa3c538d30a8a04f82c338000c68ecf56845d4153df0c38177801f744dac46990b9a72324f8a0655e2db298fc6eb34bc8447b7fa17e8b468d42b10e61fd3f1 |
C:\ProgramData\Microsoft\User Account Pictures\user-192.png.exe
| MD5 | cbfca4f103a96f261ffa30692f6af656 |
| SHA1 | 87113d8701e046862d666366773acd5fc8e39cc5 |
| SHA256 | a15df3e08fb239b0ccd92acd59f502492759a8a6ed603ce9ada239466c8b92d0 |
| SHA512 | 57b47c26d746d65c4d7f357773647cc21d381557400b3f43e421a3dad184702fca03bcfbaeeaed1a9fac41cbbc0c5ce0610f45952fe0268e414bdb8e4fc871c8 |
C:\Users\Admin\AppData\Local\Temp\aUQm.exe
| MD5 | af02b00c29b5fc7b1e8d97d83d469fc3 |
| SHA1 | efa43e05bc3fd95a3df5b110381a42e29e648023 |
| SHA256 | 563156df0434e1de0a26ba5b437c1bf94ae911db17d15b86c78d60561d078799 |
| SHA512 | ea495e36a24f7cb7563d44d2bca4f12eef83b9ebf6c36ed70a248db5dddf16c91e53bdcb885abff4b5b7625fd6ec84cb543e1cb9846ff5fa0064136dbaed43db |
C:\Users\Admin\AppData\Local\Temp\IIMq.exe
| MD5 | e573d40af01179edd41d84a4119412db |
| SHA1 | ba221f688303f6e221d2e3324db12d471b544a4e |
| SHA256 | 29229273d8081a032d2e960dc848caf99423d4814af2c256bec656e2e1e0b1b0 |
| SHA512 | cafca3c7843c875b4aefeb575a6f5e5814de5cdb770c92c948d36b6942564b238a32d7f95b07447f0a63d0bb700c8647cf110f2eb0b624a56e4713700adee854 |
C:\Users\Admin\AppData\Local\Temp\usQK.exe
| MD5 | 2ffdf5b7d2d878f8185fc5eac02939f9 |
| SHA1 | 54883f12d7cf2b3aee2d86c1bb26b71ed5494833 |
| SHA256 | 63c2b595b3b803f32f6e76feef0a368cddb873d90584e1714c3e9c153b30adf3 |
| SHA512 | 6864c433ce3ce0b08ca9bf2f1845d22188810c2973d5dafb16a089abb59ed07da434d3876729fa70c70459ec935f235b8aef60217cf9d87fc2747aef62bffb8d |
C:\Users\Admin\AppData\Local\Temp\iIES.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\eYUo.exe
| MD5 | 4237ff2159d87228eaa979e4e3daa242 |
| SHA1 | 1ed577ab639ed6077a83b3dc71d169d19d889129 |
| SHA256 | 6f04fe1164ca74efab9bf67eff8390423ea08dda34305a359b25adf3343f9b8d |
| SHA512 | 07f522eee99e35ec1ac92d5393d7fbab21366a6780877dbbfa786321bb865486bdd84bb55c7c3018a4ea29be93201bc10dfe8e54c6aecab9d916ef05181ad5bf |
C:\Users\Admin\AppData\Local\Temp\WAoG.exe
| MD5 | 7d8bb942382d21b4a7f96677a9c71ddd |
| SHA1 | a3d9ca647dc3cdd5c44b37b88f42197064c861a3 |
| SHA256 | 5b54c7548718daa5cc1cbe56a62d0b231d5a1e8e3cc05b0983b0b84b73bb9504 |
| SHA512 | c7569253bda56169cf952feb97769870e287abc8cd257fed284c6c4806b9780db32aaef233e9fe9b1b9f4dae6bca9e2e2ad19707c6988ada3df5eab3f701033e |
C:\Users\Admin\AppData\Local\Temp\qYsQ.exe
| MD5 | 90e333b553b61cb46b302d329f3f808e |
| SHA1 | ebdc96ed01a4dde8f0f1267c9a0c711aa21c9c47 |
| SHA256 | ef52a5fd748fe61dbed61d856c1c85aa642c4d578011c252475ede555f9f8cbf |
| SHA512 | d0b6ba256db7c9113a43c9aa27f121f9f2c05596fd1f2dfb07990ef6d9452cce8ba1e6a9cd9b130c3dc690660e989cabb5e411f98da5ebc7454620b3e111a90b |
C:\Users\Admin\AppData\Local\Temp\cUgW.exe
| MD5 | 652877a2d9ec4fcd3e93c49b02c2cab9 |
| SHA1 | ede8989e3e06419eb1f042a6b705ff47c933577f |
| SHA256 | a3e6fe1f540fecb013f988f7a2566ab048fe315a1d5ece57c383853bf1dfeeae |
| SHA512 | 1a149cb0f1f148f28385818b77444a74cb656198fb1b20f71e0c7edd6ffdd786f13683794dab42b6721d8bfec3ae5638af8bf3155abbae5398cc5e91b1facbde |
C:\Users\Admin\AppData\Local\Temp\okUo.exe
| MD5 | b602f78463ebd24d979af97f5ec23846 |
| SHA1 | 3853da4f002df92b5e87e04e426ba263cb1209f3 |
| SHA256 | b7ad7df026184e6c4fc7df98410f08c8af0c72a1bb28ff6f7b8bffbc0175d575 |
| SHA512 | 47b30984ff30498507d3103345aa38f3e0fa58cc294223a71ac3adefcc43388bc5630dfad03e4d0f87ddaa2f527b4f7c671afa9a2fd1d46198d15b19c9f870f4 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | f4e10578008ff5e0413d67a85ecbb15a |
| SHA1 | 26bf1ea4e935cefbaaf5b5325ca9a0e4592716fb |
| SHA256 | 032536f14f69b1cf4f9df767c928e518a92c23aefbd30fd67f7027971ea1fef4 |
| SHA512 | d9c6ecc9fabdf8970a5eb994e0465952b4bc4527f66e734422a65948e441d62d21da8592f37bcc7a3f522f534b6246adae4ef3db35195f1bb307581f63cd2c7f |
C:\Users\Admin\AppData\Local\Temp\UgUi.exe
| MD5 | cd0029a52647ede682131ef0bdb7f54b |
| SHA1 | b85f11ef72dc912b878eedd3109046d72de25b73 |
| SHA256 | 634b7c8748825d0ddb14911d35120c5a275f82c8e24aa51cc9358a5ab6b0dfe5 |
| SHA512 | 341bbf36ca85d88844000b32bf9fd026f45b0bf7c9ad08332db3a06be084a97f1d7266b8a859ca8a2b89873c96bf3c9388f758ceeb82d4d06ba1a23916add894 |
C:\Users\Admin\AppData\Local\Temp\kkQK.exe
| MD5 | 83ad59a9a85193ff579c1f572007c38d |
| SHA1 | 82cc1a035f8d628be95ddd13454c21f81d82f754 |
| SHA256 | 097c2c598042610ebdf46f7b9165762aa95a379d91dabf7871cacd715256ba7e |
| SHA512 | 6875e1433de1f50f48107e8f4bb05d6917ffb6a24885dbca356e1678c282d6dff9a1f5bfe4d592abbbfb55b8223387ce3930cb95e15dbfd962be5723e86ecece |
C:\Users\Admin\AppData\Local\Temp\oEkA.exe
| MD5 | aa11e8c9d5843c5ba8e2641162d2f430 |
| SHA1 | 47554ff4f9e61a827b57ca1f6fb074cbab46a383 |
| SHA256 | 62ee0e4a021f0dd47a13a6393f3ccc89e10341cb93cdf321a1fb9c3ee4d1a50a |
| SHA512 | 844887965f2ccfacf360a61cfff60d55a4064b6d73b07bda47d531005f362ccf45a47abf30b6c5a40237cf75304081a45cbc93dbaa7a82eaa7f991149d60dcb1 |
C:\Users\Admin\AppData\Local\Temp\iMAk.exe
| MD5 | 4404b94de400926aed9f51926cef535d |
| SHA1 | bffe7613c362b34ada06f8d7891960d0195b85ed |
| SHA256 | f68ba4d05b86c31f4532c9ab9fc82adff1ed67cf55481a382357f2837023c5e1 |
| SHA512 | 15b63ad57cd23c20905e913e62240ccfa8969d0a76f284da6cf0bd8f2795c37f4ed3372a2ea222f2a0e9c235589ad36e374ee4d13f240dfe613e6a282c1ab9ac |
C:\Users\Admin\AppData\Local\Temp\OIYw.exe
| MD5 | b845cbf812c4df401327a3849c01c6b3 |
| SHA1 | cee0a80988f45cf77510ccdcc3782ce4d22a01ef |
| SHA256 | 47ff670d2990bb20a99c30169c94e7915f6dd058bb50e219e29cde5fab7f9d4b |
| SHA512 | 59380fb465514730c5305136c86e0a1744a3ef21644d70e913cd012610ea49590361dbe9623747f1cdb0337ae829cbd19b638b69e2187d066cc3d14a46438117 |
C:\Users\Admin\AppData\Local\Temp\uMQG.exe
| MD5 | 91ebb6cb44dfc04840f3e8ac3b0cdf1f |
| SHA1 | f2f73a48258a1a87b9207f33e9c6c1a3879e0586 |
| SHA256 | 7765f7845ce70c136ca3c9a02fffef9ef418442c057873f268a9c8d14e21e99a |
| SHA512 | faf7df2a08f7e815bcea0df5a52db658f102d237aa8b4e2ea2c2478df8d76e41345a3d6c01ce83812f4371166602f3d76eb0793e5830343d68424f1df2c2c754 |
C:\Users\Admin\AppData\Local\Temp\uUwI.exe
| MD5 | 4f0f4b2823eceadc1b0db71a77435bd3 |
| SHA1 | 77a5fe78d02c04d5db79ab71ede5355408e2f56b |
| SHA256 | 58afbba5062698da974e2835296d6b07960e13584f6553bf5fe073a187163e1e |
| SHA512 | d610b9663f031a884be4e75a0aefb49401bb7b4cfa77d4be1db4b99459db02b79400dd88f65bbf95158ccdac9400a015e91fe19c2b7e593d09ca10fffce7c5b4 |
C:\Users\Admin\AppData\Local\Temp\GAIW.exe
| MD5 | f0e0ecc1e817d25f313fca9e60b304cf |
| SHA1 | 8c1f32a5167f98f9271d7b218daecbcac90333ab |
| SHA256 | 2f12459bec87eed0541f7ce46d869f0f7d2eb64a0d521c62b13c047f0435849b |
| SHA512 | 5dae13f26435798d82a1fed055c2c900a3bbf5b6209f7ce17336d3696050f715c90e6adebb1fa6a18f5f2be748299471d71b7e19ada105736175a38b12d01b18 |
C:\Users\Admin\AppData\Local\Temp\QUYM.exe
| MD5 | 98bb5ecb284e717cd3c5d8949075972d |
| SHA1 | b6776806e1817e3a40ccf057513c23edae23a4db |
| SHA256 | bf9ce89178850ded6457c3c0cfe77c4e8415ae806aeb0b43bcc569eea76f94e7 |
| SHA512 | 7d90ad68c5883aa5f47369bea60438b8dd9816a19f9d60fa5f9b47444ca886e3f65a93b06f68c70cf2a110dd7a389ffd074840532bf8a967153caf7040912d9b |
C:\Users\Admin\AppData\Local\Temp\AMIY.exe
| MD5 | 84c5fb7461b56866def988703acbfbe8 |
| SHA1 | a9fd3ffadfcfc60d1ea16e742eff393cd895c776 |
| SHA256 | e2af7ad9b984e348d99990ac10921e2c94cd7774f0950a1f02b9acae45de046d |
| SHA512 | d41af9d94957f88ab68f15f82b3cbbbeb88af903e759111c83190514d8befa00995bea19dcd8ccf80d8ad43711a364c328bab10d0ba3cd949284471844c97768 |
C:\Users\Admin\AppData\Local\Temp\Swoc.exe
| MD5 | d382bd9efdab77d6fd959c7faea010e9 |
| SHA1 | 7374bce9361ca6173ab840cfcf50a9d0e46bde1d |
| SHA256 | c205444387caf081e0698ab876bdaf2035458f1338eb7f90226cdc591167d232 |
| SHA512 | 4ab2d4b517c5f8f58aa70e270258c140c712c52b4e17309032f426c31458966ce2fdcd1f23849ad8b6d482308ea7bdf618175fb87917197b5cd945db1dcd75b9 |
C:\Users\Admin\AppData\Local\Temp\McAM.exe
| MD5 | a05d5bf3f0cc55733354a0cf9d40fbbb |
| SHA1 | a0f61464ffdd3baec54981db200178313798c37e |
| SHA256 | 7e080e84d725528e70c2cdd563143b77bc96267cc491816e9e389decb9dd8764 |
| SHA512 | 692be9bda1dc490d7597e73e56c5a25252697d2c248a331c496886cce03cbdfaaab943dc022bfb1c118ecb51bde6e346e2645537d197c36894dfa9e309d75bd0 |
C:\Users\Admin\AppData\Local\Temp\SEYM.exe
| MD5 | 1782f5025006a829b1e8e32a7c970af9 |
| SHA1 | a913f02f1570e291b5e1561e3b1144e7335f1ac6 |
| SHA256 | 0b7b9a22404cffcc2f38d31428c954d3fd852e1507831abce5fa4c3853ab0a9f |
| SHA512 | a7b1ba82aede5a3b063b37dd9261253d2e25d648e98b7e3296a7ba10edf59861e11c53ebb9f77bb4164b8b83197855ecc25caed86be3f4ed216cec7a49cb9d68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe
| MD5 | caaa614e3b66b2d6f7ac76dc7e81411f |
| SHA1 | 6d9d16e152834d159613b7141937232cc74153b6 |
| SHA256 | 169cf7f2cc949ec4c5742c8f0d9b55458a0ba146cc0093094733c1d7f820c2e7 |
| SHA512 | 22ebcbae8fe6194f6188157889109ccc2e55f8e286ac89e930f9d93df04c31ceebaa5ba532274c2cd4d42e3def197af5ec4e355a4d2b540ba5e47dc2c9e41377 |
C:\Users\Admin\AppData\Local\Temp\YgkU.exe
| MD5 | cbcb813d1fbf5185213967be0837225e |
| SHA1 | c9bb4952378c2a83610c823c635a391a91170e11 |
| SHA256 | d8ea58021f20413aa9266fbf34bac4db37c742ca6d1630a08ab731372fddf82e |
| SHA512 | faf3f79ff823877bb418c2a3ce240a7541fb9dce2949feb85b944166265070d80315ec5a7b9ba5a59a680c1f9a46876cea6491c9289069dc4fe3f6edf8bfe951 |
C:\Users\Admin\AppData\Local\Temp\UAMI.exe
| MD5 | 058247d0d5206029651e73def633472c |
| SHA1 | 5a0cb1dffd7b500740229fc58e93d680c2227b78 |
| SHA256 | 8d68f097057020588d8e6de3e0bd87ea4cdab91ad76b70a05d90447779181021 |
| SHA512 | a279dca6c3d4e3692aab4e1c623261fb9b7ca9deace5a1c7757830da8c50ddbb116341ce894d6142032129ec9403e08c161f2974647b3ce214c1b166906e2610 |
C:\Users\Admin\AppData\Local\Temp\ScwA.exe
| MD5 | 98229b537cb739915192566245e9e656 |
| SHA1 | 3f0b916432fb07abfd70a4013bcc22ee0992b826 |
| SHA256 | 98381066c76b1b83f29992a2239a8562c1d5c9b1616eab3231ab7bef8e89565b |
| SHA512 | c724dc89dfc02390cf32adf94d47ef754536825cb5a59b5bfe066de3f978a29e9223835ea2506a1986457d7a3994fb2b67bf6f2822a69bcb0cfe6e1d92fb11b5 |
C:\Users\Admin\AppData\Local\Temp\GMok.exe
| MD5 | 6f72a5ad74790827b3450a2d7d5e0c48 |
| SHA1 | 0abee5045c02db68154028b84708803c01732e7c |
| SHA256 | 462387a54a0b0652295dab3b735528a52ee651ec093be571e9315e729bd77f4e |
| SHA512 | 5db5f0b5ee72de4cb11b7a585dabfb5193bf8694f6cf6d731b99ee4fbc1b7b32152a138d12e43aff771a5193687ec7417a7664e10a0f5d7cad73a5b1d83b269f |
C:\Users\Admin\AppData\Local\Temp\AYAK.exe
| MD5 | 06355739b62fe00ced6929490fbf5c6c |
| SHA1 | 617ff32c6edfb8248c81105e04972f1aaa29a491 |
| SHA256 | f015c9b76dffc6aa023efa6bdac91a954da9f60c69edcc3f0b272d09a707ca03 |
| SHA512 | 09f57c69ae682d29e1675fc9530db918f651498c6680e0258bf71f236171d5d61eae532ed2f7301a135b974de1f327a9657412b13985f89b0f643ee0261ee774 |
C:\Users\Admin\AppData\Local\Temp\GEsc.exe
| MD5 | e6e784a44bb01bdc8e4391fc02c43c76 |
| SHA1 | 3856b5682147cca7cd2d865eb3e3e50aad17a58a |
| SHA256 | 659e8f6d05e3e3490fb911ec73bb0b82f20434c96e948a4ca555261e05a90a49 |
| SHA512 | a6ad393b9a96c2071a963d228bfbf1f523ea2792727fa795a1a2159a96333b5bc02b79598a4ce5de6b229ec4548d4248de006c32100c4c7476d9a8f0fa8ab1f0 |
C:\Users\Admin\AppData\Local\Temp\WwUq.exe
| MD5 | 13be1d0c5d3cf5de7e1d1689acda64ce |
| SHA1 | 079a6a74e1d70b90d6f78351b2736443ad2ac691 |
| SHA256 | c57554aacff10fb5b5fddb529ae57c25e6d49c4def7629341d3f806fd8094d50 |
| SHA512 | ac7c69d142d00c1ba926992d1e6b9aac739b3013655efe6160b9835071eb93bf0d7233a97985961c1eee958f7a9e10afd58b0f21d0de973ce57a6ede3e0a6ebc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe
| MD5 | 1039bd96d403e27529b507e6dfebd7b2 |
| SHA1 | 34c74c1a72dc6f31cc33fb9acab25432b87c3b8b |
| SHA256 | c8ce30277527a1235b63fa011d1cfc2bbb657124dd8578d1a0c36b6650a2150e |
| SHA512 | 22828071b5afa2c5afe184d69f2afd17836bc9bcfeff119ae3252cd97ded09d09b0a85de98ffe2e5e9323ee0e4af3147f1609ffd166afcb989c128b1de265d0b |
C:\Users\Admin\AppData\Local\Temp\uUow.exe
| MD5 | ccd3d5f4b1616de4b9a0124eef939c2b |
| SHA1 | 822a175bf6ac2b426186f56b2a54a2ddcdb28a4f |
| SHA256 | 893ab76e0b31148809bc2164f7401ab27b4957483f4965b2e0ae576159aac465 |
| SHA512 | eaeb1a515ca21b0f3261ef5d29ea868268d5814ee4a49247668ec1add9cded6394897795b82ddb349581dd5a70b6d311e63321ec38e60122b7cc0f50fdec6ee1 |
C:\Users\Admin\AppData\Local\Temp\UEMi.exe
| MD5 | fd354c2d6ee7f75bef406a474dcbce38 |
| SHA1 | 0ea7ddf5345db5b25cb25fb088137d1712552f2d |
| SHA256 | 2feb502ad92e4123700ec2a5267c448cb075addbd4e083583d7fd6c5a295003b |
| SHA512 | c0e5455b23f98e641ced9e2d74013c1bd440db5a1cbf502aff9a5b71acda3ced4e5adaad26848d44825c91980109f2c2861cf5a0fafd801bda52f17d2dcb18da |
C:\Users\Admin\AppData\Local\Temp\yYsm.exe
| MD5 | 04e999cb842954f36233cf085cb9893a |
| SHA1 | 365b474f4d0508a96aa049b08d78e3fe0af99443 |
| SHA256 | 73480dc35fee10cc1262cfe030463bfe6df85b73fb3d588315a1b3ae49daa57e |
| SHA512 | aa9d19ccd3d6381dfafc5d8e5acc1b7e76b2815dfc7d94d97dfd9fb6d005e0d734964882a38284f4106d4d7074b791711d75d061fe62a0f4b93dda01b8a5255d |
C:\Users\Admin\AppData\Local\Temp\oMEo.exe
| MD5 | 0f672c71bcea5c5132928c1a3766bfed |
| SHA1 | 7d02065188dabaff63ce0b2716c2e001fe6dfa1b |
| SHA256 | 3213a7b3a8d82edb507d949c385bf64adc00189bcc44f4ee1072711efad97cac |
| SHA512 | 198e263fd620cf7e4ca43f592a11a8ca79e6f0a64c001580c9e54f0900be1d1f35a3efd87f51e29874ce20df8799af049aad49cf78f1d7e79a61e22c68155f17 |
C:\Users\Admin\AppData\Local\Temp\iEkW.exe
| MD5 | 269eb452424dc1792735e159768862a1 |
| SHA1 | ac75a9201929f2ac2e967c191ca5f335ad338c27 |
| SHA256 | 7d179f4c50eee2520efbe0223600404615398c3a5cd3f53802fcc6c24e08422b |
| SHA512 | be33c71f3d783eaf51d08eb19783d977b0984fc0dbd0601b236455ced5e11750ece9e436f9de1436fc6daf660ce791b83be32f9c18f1495a246c8d573ddcb29d |
C:\Users\Admin\AppData\Local\Temp\mgMu.exe
| MD5 | cc7846f07c09781934d9dabc7cd86888 |
| SHA1 | c79f7e0c15841fc4b52f9d4c449b60a95a563eb6 |
| SHA256 | 7ea13df782cc4c64795a36f1a8ef75d4aa7d5a82ad8aaef9f61838da17a0c21a |
| SHA512 | a14a7fc55a04c24629372190beb8b019dcc813a3ed6a8ddd742495eb470abefa5336f148f95c3d3cdf06b223be4642ee6e9340ac58c9d1d01a6ac114d39eed7d |
C:\Users\Admin\AppData\Local\Temp\YMAC.exe
| MD5 | ba13e41dcfd3ad49ca4eeede57c692ec |
| SHA1 | b98f16bfd99f1ec1cd6251e6ef1cb92841695e8e |
| SHA256 | 0736fa6475839ccc7a64d7436792aac326edce851b31a17726112cb675d1ce79 |
| SHA512 | 4ae59158fb392288f1dd01278ffe12c1d0b5b0c2b8ea65025015412e179c84b228557ade191d78f8385b5dc08f3c1f6e318c63bd606de1f256172ebcaaa2eb82 |
C:\Users\Admin\AppData\Local\Temp\IEQY.exe
| MD5 | 41d0b1a0d6fdf765edb181383d18526b |
| SHA1 | 776b0407ba558949b5f10d0e65ed1475a17151d1 |
| SHA256 | 9d6f7626ccbf10c45fedccc2c4db121b910b38cfc3d2331e8a5ed32627e6ec3b |
| SHA512 | 060b211fdad93b3e3b35e7e1f10e2cf9fa5516813252da1bdcbb21a47ffd100364b59437f2b8353b11535e937722e5ae5199727cb05489c6734b8e09837b626b |
C:\Users\Admin\AppData\Local\Temp\iokO.exe
| MD5 | 9671673d930249865826ff94fbb8020f |
| SHA1 | b8263f03efad47e74292b01ceb6c75b63f95a88a |
| SHA256 | 5455b5f2c074f54fc9e089779ad52114a3306079143b320293fb174d60403e47 |
| SHA512 | b83ed464cf2c5dfdc2cddcf2c1520d9a737109765e3f6ad99cac3562aee72cff4ee59c2d2003b80adb42a8b3fde609b3d04856d0873607588e78b684edb99317 |
C:\Users\Admin\AppData\Local\Temp\iIkA.exe
| MD5 | 06e9c634b45d5576eea4c1b028f1c95c |
| SHA1 | 5a2d3d693396758cc8d35ea3fc6e6ce8f4133c90 |
| SHA256 | c8318b62d9baa3d0e0a51be67dbe6a9724f81129ebf69dff134d9936bab38507 |
| SHA512 | 9917cc7111ac4c8e6f3fca83deffe67affaed12cc0a7a17909a036a50477f146dcacd32745c8d569718ede273d557ff835df437b08a0a894ff221769b36ccba9 |
C:\Users\Admin\AppData\Local\Temp\UAwy.exe
| MD5 | a2c9107e3b4e85cd08f023948f145717 |
| SHA1 | 64872777e2cb8ee146321a26cec521feed375d29 |
| SHA256 | b7c297d0f5efca1768ae814865d6a0aa9656978193e541d1a9a151aceb4135b0 |
| SHA512 | 023686af10c92800f469ea7cbb973459f902776aaaea1e54d120bd1ea3096d92ef4cd79f82d1bd91c5db50034c3f4d8a7f8ade80a0e324c1d4830641aedb80de |
C:\Users\Admin\AppData\Local\Temp\cIAa.exe
| MD5 | 0e9753f3f1e7082b8235ed2726c7e76b |
| SHA1 | 48d8a2f3e842259bf84932271ed271fac6859913 |
| SHA256 | 7162dbb0695695d50dc2588280337d583ea72cb506c84b80943856728cca989a |
| SHA512 | c503a0ffe20b7684f3abf66d4270e98b6f7b081239760b4ba9b46099f2eaf7c513eaf743c99c45bcf1ff6e834531e415e5045978c702c34b80890ebb5a4da382 |
C:\Users\Admin\AppData\Local\Temp\Wkoc.exe
| MD5 | deee2ca235072b82bf0aff5e90c0bf27 |
| SHA1 | 8cad4a9cc720e648b65685b0faf20de9b6a9d6d5 |
| SHA256 | 030340fd280dec3fa9f76fa36951e81e92c7743d54f0732be3f332d6f851cd20 |
| SHA512 | 1f6f915931500d6ebbc76ceb4319c1fa09c9aeaa8dbca6c23f07e26a50d5a7176a8ef068f4285f6e56d5d6207a60d3d6ed1391395cbf3ddd48b0f91575272c06 |
C:\Users\Admin\AppData\Local\Temp\QEou.exe
| MD5 | 58023fd41b5e9eb552793d7a0e81e174 |
| SHA1 | c566541c7f45767ec6cd54d04d0ee6f536f82758 |
| SHA256 | 0839caa541ab1e8bc05c94513cdc3b8292030c022cb420c718cfd4ab39b6df85 |
| SHA512 | 72d5df06d0bcb42a43d8db00f28e63d20d1ea2a79910fe84ee3f0d84628df9efd7ecfc7a26b082bb0a3b73ef6842bc01fde2177669e2088cf589c8854f41fcb1 |
C:\Users\Admin\AppData\Local\Temp\YwIw.exe
| MD5 | 1fbd972e6fdd0d9480ef6f7ea4fc67fc |
| SHA1 | d4b697c1b99ba70b0aaee8694f2a7c4795320305 |
| SHA256 | 865e14d0ba357f4965d2f4ad24bdee0c8424b4fbb1b82d38733d56956d937c33 |
| SHA512 | 7c51fd1c1988104458b4def24c2099922363dcbd18b131cf2a449c4ba56193634302c34f94c43c341a379559e9ae9aff99caca22777dcabb57e2ab19e4e34ba1 |
C:\Users\Admin\AppData\Local\Temp\oEMs.exe
| MD5 | 34b404ab6fc841f874a6b4ebbceed8dc |
| SHA1 | 88d6400e8c46abd4a360897ffe7fff11bb4e7787 |
| SHA256 | eee8244bd644545e993982fe11cc07b36ee2db8a1c2bdae8b42c43be22e942d6 |
| SHA512 | ca5ed2f13771c44fe9031fe2b775e8ed08feda78dfd85b8521136dafa3bab192a2080b87bd626f9a8cec37a94c16fbb9332bfb57c1b96dacedad6a45fffc57da |
C:\Users\Admin\AppData\Local\Temp\KAYc.exe
| MD5 | 7e662eac832a6c1fdb056a98c00c7eb5 |
| SHA1 | bce91c0af16c8bbdb3e24d6aeeeb27af880de212 |
| SHA256 | 415eedb0c58863cf6f7ce39ee565d39b5d1472e3f72665c8a7599f38adb4087e |
| SHA512 | b9a5efd706c0f6a058328017bf9932bc619064ac2c1e2f373fa04a2f09e8d3c2046a4ceca14fe50d04b838a61d9cb9920aba4b173b6e0770d4388555c9fef63f |
C:\Users\Admin\AppData\Local\Temp\oIUs.exe
| MD5 | 9264ded5a8d7bf3c31c9001c890b459f |
| SHA1 | 4195343cf4ccfe677e0697885c27bd487cd5c5c5 |
| SHA256 | 7b2cd29e3291444f1e99a915597f0a7f77a06a31784b4172a979c7e87f545510 |
| SHA512 | ade69acd2c8e28b112dd65bf8350a7e6deff52dec0c1b78d0b41b5d94aade3f404fa16e60b5384959a69ddeb919677ec2761de38f161fce26e68415d6c04a7a4 |
C:\Users\Admin\AppData\Local\Temp\UAcQ.exe
| MD5 | 4935d210c02fddfd5ec6f2dddc816af0 |
| SHA1 | 428e8c7dc8116c873643e711555b701c5608fa15 |
| SHA256 | 17061a1d80a3c894547d9da98d59188d228f98954abd118a62426679fcb113ac |
| SHA512 | 4466ca24cb9fe19c7f2de92bb48b6ab75d0caf53cea4c1e40fd387d881228725dc32f8547a54644e9d333178362653160db396e3c67b57287fcfbcf52ab5854e |
C:\Users\Admin\AppData\Local\Temp\oEkS.exe
| MD5 | e17e2c1d98a1ab541613c87ef91c4320 |
| SHA1 | 5379d5dac499d035264561df3ce5f9a891b9491e |
| SHA256 | 59602dd4a1050dd84cf76d8359e289bcbe2371e622772d28a0ae7c3d21c08532 |
| SHA512 | b9a27ce5d8d02ce5fdb67d50de32b0f91dda7e2581ab7f9b3142594b530de0bd02ff4116ad021a909a1ce2ec76b79783dea1ea97eecc96e38ce93846a3e05282 |
C:\Users\Admin\AppData\Local\Temp\aMIC.exe
| MD5 | e30f53442e635bca5ef9bd64fa9b327d |
| SHA1 | cc1ccac8462d043e6913dd28f47ab94e4cf78695 |
| SHA256 | 6161378f6a83c68f7077ac84f26fd51543167af7343697a816426b11737a48f8 |
| SHA512 | 2b5b98b766b9a8ef2b4b5f0ec49f4ad7561c1adde95739f2c9776a15153dccf8eea371a6a829a7e5f3b5002b1fe1c51f196601bea6626971b85df45b1246ecbe |
C:\Users\Admin\AppData\Local\Temp\EoYc.exe
| MD5 | 1c67794c925fb5b5fc6343627544dbd2 |
| SHA1 | ffc9ae0fc5781dca5d4d9fe7dabaf116bdb53bd3 |
| SHA256 | f0e8b7605bfb23e5e495c5760d4ee3baaae428ae4ee121327b960470a0350268 |
| SHA512 | 716b26248b3840c37f083c345d58e44a7eaa08645dd07391a1d888f8f17cb33b94b4bf456e9e775321375a77ed6365e6768316724027125b1559aca7e9954415 |
C:\Users\Admin\AppData\Local\Temp\yQcu.exe
| MD5 | 6a5963099ae5f3dcd3bbd9ff059b651d |
| SHA1 | b52dfee2ae6d491241271ec379e0923e64aeaf77 |
| SHA256 | 2f8c17aad7b293cdfa2025dd260894e1b54fc4450a0756f2df09ac1a140c277b |
| SHA512 | 82793467100e61a73713c7282a1bfefaaefc45b40f6a3b427710a3eab76109293d81c9914d3d21c85e9accafc2566b39b76edcae8b75ecc275f1f7657f4fd441 |
C:\Users\Admin\AppData\Local\Temp\WcQy.exe
| MD5 | 30d60ca785c857afad81d3cf8de03d90 |
| SHA1 | 911edeb62cfe73ae40b1c1557ef05b3a2d841c1a |
| SHA256 | b90dcb9c3bec73d8b3a3a7790a8640c272cfaa95d51fe45305275cbaed794322 |
| SHA512 | bea3746859317bd1499bb4ba991b0774f16c511cb51978dffa0b0c0c8b32a787e3028728de14af321bc5ca63e07029cf62fb669a26849166cf6ac6288004e5ea |
C:\Users\Admin\AppData\Local\Temp\WkAo.exe
| MD5 | da4374097fb1ee64bf3bef7118d417fe |
| SHA1 | 61632cc7af90718087fae05d6d3dd9b288940b53 |
| SHA256 | c5cbbc512bba374a66936e8a779ed03607a3a9e9a5b3495718d2efec6ae87915 |
| SHA512 | 4dbf2f5d74909d082f36558af99d60627d8430a928a1489365d54dc2091ed2b22221b2d8885cab576ab26ec65496c33044d8d6c34efb0acd44465b850d4e2175 |
C:\Users\Admin\AppData\Local\Temp\qUkS.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 071583b30a0db6636b63d108c330b7b7 |
| SHA1 | 705f28c39919093d20ebf391a55c634bab2e3bbc |
| SHA256 | 88c5cdf571feee419c2cde886c2b08d984bf7966b2bdafe58667841986cfada0 |
| SHA512 | 79301210c7faf4df5458fd3b3d6cf18ec742cde0cda13cb716b227cd35854b2f231918e75be34c99891d86446607d1d60474facdb945090011cf94efda162236 |
C:\Users\Admin\AppData\Local\Temp\EAYI.exe
| MD5 | d8c7c5d38cdcdfeb1383b3ce11096a21 |
| SHA1 | e7d8384d14fd58a498d2370de7500669c5a9b0bd |
| SHA256 | 184c0cc9c4fcba453a778b025de31395a7a3c4ff1286bcb094dfcff90d471784 |
| SHA512 | 19db7b4b064a1ec782c9607c8e33673815aaf51416794b20d7370e5587e5e7d9e6b489c23711b33183cfa4e059000d059046142e223f90f3913171b98fc54ee5 |
C:\Users\Admin\AppData\Local\Temp\MAYk.exe
| MD5 | aac92578f033317bf7706a165e4fe557 |
| SHA1 | 260b787688afd260987596caef0ca0c34b53c8f7 |
| SHA256 | 31b18065f9ba4da5810b0d208bc2eb4db4171877ae7b62d325e8aa7789f2a73e |
| SHA512 | 38f1c276747739c0ebcc4e55aa71897a21ad3dc57be8555f088646854c59e8ac68e238c5724bbf10fa7f5cdb4a4da23f67777142999c171fa2c50f11948055d8 |
C:\Users\Admin\AppData\Local\Temp\CAIo.exe
| MD5 | e63419feb4275d596e625aa1d7550080 |
| SHA1 | 198350469beacbaa0d4f04ab40f31834354f4201 |
| SHA256 | e78712bbda19b0663e9d3e9ad870c35b8538885f1bbd553cbc20f93996befb8f |
| SHA512 | a057e3eec8b335e6069b1dc30fe73c8f413e71e96c1bd3d94819b996ad7971a841f5e7d99017d07f08ac6a0696e6c322eb8cc5edff4964f1310d6a7d93d7e123 |
C:\Users\Admin\AppData\Local\Temp\mgAQ.exe
| MD5 | 6c11646c9f2e49f68007b6d0d697af69 |
| SHA1 | 6b50d58f0e7481f1e54e39b67a0757ac871acb95 |
| SHA256 | 8076ad4e1f24c6db6084e54fb331004f78b1ddad3ab0a6580bca109cf12bf400 |
| SHA512 | 562c46b4e79ade98945797c294cbabe709c5646f7756f21dd8c779ba1475297e53a614daeb075aacd1e0aaa5c9efac8688a77912a6710a29dcdb26864809b963 |
C:\Users\Admin\AppData\Local\Temp\ogoq.exe
| MD5 | 7115f6bb22b25d78203ca0f5e6cf7ce3 |
| SHA1 | 302ee32813ebb661acfccb8b65e2eb43bb0464a6 |
| SHA256 | 92f930610a57b6a35b5be7a55c930c33bd9daf2d0e9f2613dd40acd112b2c085 |
| SHA512 | f485bb7a9e860e3e56e3616c4064193159d568fe1f5b546e0252fbcde758aa10b12973202659d41d18548cde585e3a163609a3c5ac1f6fa5a3299dbff9a765de |
C:\Users\Admin\AppData\Local\Temp\Ckgq.exe
| MD5 | 63b049534fb730e772f8b127c569e7b1 |
| SHA1 | fe2ab0822b270630a85f2240486e02d39e3839dd |
| SHA256 | 60678f90fbe348b0442dd258fad801814b87e093100ba3d41a9eeb001ebc7436 |
| SHA512 | 2d226c37ede7d21d5c2524a333013b36f0b0b1a22bd3277e2b221ed81ed777201c9c3ff1c1b20955a6e9a2a42a7590136293af93456c123c2eb0f4f3d8995c55 |
C:\Users\Admin\AppData\Local\Temp\WUIw.exe
| MD5 | 36da4080b2843f0dfa2325d8d02da304 |
| SHA1 | 66f71adfcf5980b5742b0ce10f0f8d4102606519 |
| SHA256 | ef82835b688225727d898bdd060e2d3bf060a0c55f24a427814af723b5be2576 |
| SHA512 | 3f12c7f7482f67abb1a8c5de6875b0829502d3cc7246fe9f3f6a19dd01755fc773f66b5edae7344cdde19ed149a76b2025a943a50e1d66c78947f7ff9d59e86b |
C:\Users\Admin\AppData\Local\Temp\Skws.exe
| MD5 | 0d3cb57ddc9cd4b6be553ad773e9bd9c |
| SHA1 | 78345c54fc5744a4d774399126111a53a13d51a4 |
| SHA256 | 89cc25246672afe958a47cfde89124c384263384bf3dc718ec8a012df6c1aad4 |
| SHA512 | 291738f1fa00329af5d340ee0573280cf607cf0cff428c4021a563acc9d076eac57d963581de343f194e8ebbc683385d790cdc2fdbb5560eca4b1dbcc1e220c9 |
C:\Users\Admin\AppData\Local\Temp\IEUu.exe
| MD5 | 575e9ab711d559d45dc7c415d68472ac |
| SHA1 | 339104855f4aea7353791ee342a1981a245fe247 |
| SHA256 | ac12b5a94398c7d94d6ab6f9b2da7399fb3b3b4c20b7a8f419285e3532729ad5 |
| SHA512 | 0f731e78c8e8bbe4ed9655e6be1ee56beaf95841cd1bc66a1c6bdcb517763e292dbef389fd027657d4ec3ff2aa1a66e95b30ee9de43ec6630eafe78831a32250 |
C:\Users\Admin\AppData\Local\Temp\AEUc.exe
| MD5 | 26ab53427872872a62af282536ac4207 |
| SHA1 | 4012cd37219a9343dde2c29b59ca46721209ce8f |
| SHA256 | c370993a08bfcbd87ab753c913df53c930199b428d5f13e2001131c7179314d1 |
| SHA512 | 3adfcf9a11d266dbf0d6be7cb42c9e6f451fd2ee2af6ba80574d1c4dcdab126053bc3e0b6fd31509b5d22e850d3ff1e76504cb6cb39f33e29de839cbe4bb2ddb |
C:\Users\Admin\AppData\Local\Temp\uIIK.exe
| MD5 | 2613c7aa414aa20c2bd7d89f7742d279 |
| SHA1 | 740801ee61b313f2acead142f108c5bf7ee09f68 |
| SHA256 | 0f466c9f9085bc4311d781fd07b8ee58c520353e1e22237666cad864b228c08e |
| SHA512 | 1194b3875e63f09add2dbd05b3a128d4bd403fe004f6f52b77282373079a8a37cb8d072408cee501dc389fd347be9f187437c1b667ee5a5c73d367dd7f88a0c0 |
C:\Users\Admin\AppData\Local\Temp\ucsM.exe
| MD5 | 1867af1ab1bbcc7b1c905b0433400f29 |
| SHA1 | a1452959cf466c962e319f3591a312b10a8b6113 |
| SHA256 | a6b50eabd465900110976d4b19c2695c3d31b1dd99b56df0f9226907784158f5 |
| SHA512 | 7d70873c0372fd534c41ca5e8b26f153e0e5b8e64c74e229c33f7b85709b6e9064a1c2a7705c940f7f1742aa0825bcd08065d3ca637f5b7170d4d8e766bf848c |
C:\Users\Admin\AppData\Local\Temp\aAEI.exe
| MD5 | 4335f54d8fdac129d2f35aafd0dee1d6 |
| SHA1 | 5d1ea79387e03792e9e969c3f72dd64ddd0067c1 |
| SHA256 | 531c40e55c116e753763a20781ec92366cdaf9f6179ab974b78a3a970f695cb5 |
| SHA512 | 5662863bbc2736e3a76ae17c7773d6fd1b3335f3d8296cdf8ae043ed844b68b3f971cf82dd9d1c2aa5b8403f8fdca764d63b1e3ad012a6455444faea8e84ab8b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\K4803NMA\th[1].jpg.exe
| MD5 | 8eabcb02ded65086833c78b7b2d02898 |
| SHA1 | 0eaceec4855bb8a8f4c039c1f1747e3096b1a1bf |
| SHA256 | 8e4b50ea7fc7696dd831c492a8be9d084e6b9abc6d7a85edcb0e19c61c68855b |
| SHA512 | bf0b9f31887ece68f1f92bdd57f46734ce4dab81a4a782c4b0525ec75549e8d474669006e445af7696ef168ce82823ae79301471111e7cd7ef911a18a021f1d6 |
C:\Users\Admin\AppData\Local\Temp\WwIs.exe
| MD5 | 403acd1e12cb97db04f986d3250b026b |
| SHA1 | 41d88403ebf3e0bf92f81005f64ec2f7cf89d83d |
| SHA256 | 90c0248eb2c39f57c0a79ba42a12a1d1a409d680318540829a72fd3a8b61573d |
| SHA512 | 58b2ded6ac5c6e5047042ba814fc02037873e8b9646218292f1993ad02f8729996ef149f5487fe3b5b18f359208dea1faa539ec123d114a30f2ed3fa277e66eb |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | 26c2da0aca7462aa1d9322c07bdb9fad |
| SHA1 | 644c6c6c4bce1ae8b36f38974a2a1a2aa38bf186 |
| SHA256 | 66c87770a4fd24277b87dc2881b25596d8737840e96a6223c6a182a1031f72cd |
| SHA512 | ca472c9dda942fae6f4f73ed1c0029caec3c3754b666b6fdbc86c16a413a9d1f30ce1eb7aa7a0e8126f1fa5d7f411719987ae22022ec45be2a9938eae5b71296 |
C:\Users\Admin\AppData\Local\Temp\MwES.exe
| MD5 | 1b247392bc01dfe69a6ae0c9c7017138 |
| SHA1 | dbab8f05bcfdd1b7acb2f38ffebc04ccaedade7e |
| SHA256 | dde42abe235992133f6dfc03bb3704414c11ffdf497fff12458b2ebff1c3845b |
| SHA512 | 72759775603b8dd5ea41f836c47c36f95f8ea641538e46fa61a8ac655c845f56d2ce6c38f9b99a164aa76ad293fdc21acbcf69a0b82e7eb179e59737de2e1d13 |
C:\Users\Admin\AppData\Local\Temp\WIkq.exe
| MD5 | d682d97b472760508a44f8fafb7b38dc |
| SHA1 | 0969b62044e68750b1d0829f851974bc8e6284e6 |
| SHA256 | 8a97736abc8ad033af4ee62d6470fd60ad3024cbde97e5c4658970a012ab4bce |
| SHA512 | c29498b0b2d5941a52400458d2572806605e63dfa14ac99b6d8a6a05f7a8841b24715ff379e6a283f56d99173c438cb108e3e6688eb6cc1e6b9c6139d463f2cc |
C:\Users\Admin\AppData\Local\Temp\sYkg.exe
| MD5 | cd391884e1f43fb76ab5e8cc00435d49 |
| SHA1 | 7c056c02a5228bd4249545325a0c76d3579c0d4c |
| SHA256 | d47bbb06cfccca9e43ccc4c8a42308147744d613cd9717952e6b583d42fc4c72 |
| SHA512 | 21ee1d8c57aba93ee98dcd932e501575cfb2b4851aa14cecb060e434c82418b86c898829e87f47b6887a68ade5c162645a5926d7142776783ee8693a44da1e79 |
C:\Users\Admin\AppData\Local\Temp\iAMA.exe
| MD5 | 431c244dd84154e054960ffa03f80ca6 |
| SHA1 | 725c07810866d66b2a158b6bf8a0e6a9771a0332 |
| SHA256 | 9760a9be6dd731c2f071f2f8a16ad2ed4e7c5e1af62625c14fcd0a0c0e51e0d2 |
| SHA512 | 078e15a7f9ad63fb7a130e4ce2444a0a83672bdcc1704e594302a16651f9eaf86361dc0b64ddeb528e4e3e3b49cd90869712e6f1bf3842c7070d23e7d9e32ab7 |
C:\Users\Admin\AppData\Local\Temp\ckgI.exe
| MD5 | d8baae1e26a68e21333b46555beca9db |
| SHA1 | 23ebcceb42a12080d32e8ac94e8146d39290c20f |
| SHA256 | d55b5e395b04a223f7194a1ed0c4c7b26940f498db1530d5a45af7e632d9bcf2 |
| SHA512 | 5ebd6fcdb87ac11bde2f6c3b74671d8bb9a7bf7ecd772eb0aee9e0f49b88f6fdf23c5dad01b518afff9765773ae66ca60009009dab61e9705c5504682ad547f5 |
C:\Users\Admin\Downloads\ResolveAdd.mpg.exe
| MD5 | 875c6165d1646e673691445a5feb4754 |
| SHA1 | dbc150dcd3c8f5f7b4db6b05a014922e9ac97f4f |
| SHA256 | 230c027d609d14c9012cc4e01dd8c0618a04c79c3cc2167753e180dcee5fedf2 |
| SHA512 | ebd3692c3e37418c52fc63c8655d5a29589f3c449017ff0d5e9e595c680bd1d77720d59a01e707d34dab6fcb8f8910aa38ca3a51a5c5d02de28c89cf49146a0a |
C:\Users\Admin\Pictures\InvokePush.bmp.exe
| MD5 | 26e91cbfe891d7119be310eca19c86c2 |
| SHA1 | 20fcb7ed0e8c5f37d5b2ba51c3eecd3ba783310e |
| SHA256 | ec2fe6041584578a4bfa7c19a9254b4f74d36cb6d436b98985cf9971ed6bc637 |
| SHA512 | 53954ada87088ed5a8c5049bec9adb1cebcc8e669689c0e4603139f5f48262e500b17540da9015f5c10b70ba425da0dc4d86d5fe2aedce3f6ddc1ddabf9eb55d |
C:\Users\Admin\AppData\Local\Temp\asIy.exe
| MD5 | e1992b6e239a45511e2c3b29f4fcb485 |
| SHA1 | 1778c2ab08dfbd21ffb4f244971eedb6417aab51 |
| SHA256 | 559d77627b2b5bf55ce6bfbdbc9ceb6568722e1c14520761aa3d4eb7d173e463 |
| SHA512 | c4a120fc5da20ec3d09f50250c62b4ac1510a9d41e51ccad1a4865371aa5b7826be0adfef432c03fe2f839872e0e5e8eac947c2eb60e437da2a473291e4e5e88 |
C:\Users\Admin\AppData\Local\Temp\cgwY.exe
| MD5 | 4346a704cccd9c71dab9ddd6710b5e71 |
| SHA1 | 0a06cc15545c67fb90cba4f213b57a2d42095d68 |
| SHA256 | 1d5b5321de839878a828d52723d73fc2b8a799753db11368899df849249153b5 |
| SHA512 | 64ab4cf20e5ecc5d40a1d9b0ac1ce2217ed4c628b405c3df62af5e90b9cebeb7232958306befdf7ac72b43800da53be3b8c2236baeb9d9f8a552733ac0cffa00 |
C:\Users\Admin\AppData\Local\Temp\KgYq.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\oQsS.exe
| MD5 | 34c00c155fe40231c461a2f155d68f34 |
| SHA1 | b0354712778c162a8592a059fe620a49181d6a9c |
| SHA256 | d5191fd482597dcea5620fdbf583efc495275cbd203deec187b9e8b176a5cbc4 |
| SHA512 | 528e6a7990140dd04d2afbde6a98077676334076c600585801588b1a8eb90c135d63c3a93f62e3aa63468cc0aebe67ad3279ff4aa7f77367fccfd0f3256d7c55 |
C:\Users\Admin\AppData\Local\Temp\IocA.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\agAC.exe
| MD5 | df9d27b1140eb507bb9a3bb37f998720 |
| SHA1 | 475125fe0beed68bcb1687d5e63dfd4b7982a99e |
| SHA256 | 5f36cdb365b39a3f7b3f441d3a31c5acfc8fd8ff11b166023a301bb87e5b3bb8 |
| SHA512 | 104d4b28275b7413727c0afc9122e67fc2b2aec0f0a2d78a40d76caad2c7515f8a3e7adeebc9eec6cbb05ecb0e3e3f25b2e44abeb8293a233fb4964e4572de7b |
C:\Users\Admin\Pictures\ResumeDeny.jpg.exe
| MD5 | c7663e6103b582e41946126977a511cd |
| SHA1 | 9cdff8a87c2d76ea3a9091d3a4420f9c4726061b |
| SHA256 | 19294096100f474509db3593ba596d86f6d50de0f4ee9305a1964b5bb0ba2b0c |
| SHA512 | 0a1697a2ee7777688b3b656d425fdebc4a3bb01d121ebc8c231bc77548036b62991862bee34824c87651b1a106391fadd128f811b8025e47485d2908d83e31a5 |
C:\Users\Admin\Pictures\UseUnlock.png.exe
| MD5 | d87c6e8ac4473d7505182b63afe4449b |
| SHA1 | 77067e886ec22d9ce835032cc6e23189df9f6305 |
| SHA256 | 09e34b9dc50ae36a868d8dd446ffff4eeddc60fceda06bce8b8b91a823544c72 |
| SHA512 | 5559743814c9f37f532404c441732b48c6e4c419d0069b657ff9216bf2a0213315ac6f487f3445374ec732d53c41fc224ad7af6253b95795e4f9fdc27dfb5645 |
C:\Users\Admin\AppData\Roaming\ShowRepair.mpg.exe
| MD5 | 074d4e44001f17f354abddd609d9b92f |
| SHA1 | 18bccdf22472c570823f0629e55be09e172d78c2 |
| SHA256 | 30bb798514ae65354887da4ee83d284d32fda6222d2e9a7d7b73d2690f152698 |
| SHA512 | 884fac50dc6b65dfeafeea17f0f11cd171c8d39c2d372aecbe1d2bcd26a6753997eb94094231e461bd9fc64d77d13f4385b358433f4e097e08eaf3c0b27efd69 |
C:\Users\Admin\AppData\Local\Temp\IEQA.exe
| MD5 | f5583fe32224b4c7d8452eec7a4f2ed7 |
| SHA1 | d8caf356bbc436015af38f1bde80db89d9e28cb0 |
| SHA256 | 624c832aebfdb98ce9501a8832e19a8459826ea17ad2bc591b038e52cd8b9a17 |
| SHA512 | 18a627d54de906daca7575a9336bf0ccfe1c33bafa0364f5c74a85c745a7f10b04e86565752a4c2936ee384403cc28a6fa6029f3593c04d071fbd4197dd87a36 |
C:\Users\Admin\AppData\Local\Temp\CoQK.exe
| MD5 | c8eac2f7ff28fef90e4c91b42622fe58 |
| SHA1 | 636d8c85e2fbc573a9b41f9b80072ab370eb16a4 |
| SHA256 | d32a80cf5996fefd8d4414d2eb77be8295d2118bb01f623025f2bbd20ba5fbb1 |
| SHA512 | a0ee00b075f29bca83d67f1ac419b2b29a27dd2b63b1ce1d77fae7703838569b26e515381ee00ddb2b9aeff7a2249f0d4d21a6104e994605bbb89a7d687032e7 |
C:\Users\Admin\AppData\Local\Temp\ukYk.exe
| MD5 | 98d55f0a556b3bdbc60d9861a3ef1aaf |
| SHA1 | 09044e6dba65dfc5de415a751f065aaa998c8280 |
| SHA256 | 91e58c9967106b139728b084360c9ef3fc28e6b9baecf428ce30469685a0e145 |
| SHA512 | 3089f31b4423fcf716ec051c4ff0dc0d7a7fca1f699476d7097cc480b75906232b7ca1d88079144c2b9c61fa16061ae63d9814cd6af4f6ef9e253d721f53791c |
C:\Users\Admin\AppData\Local\Temp\ckQS.exe
| MD5 | c01179bb73d8c92729fe8126a54f6543 |
| SHA1 | 78a9737c28fc864983ede7dd182048e80b4a3ebd |
| SHA256 | 6d7db65f33026b657059804a0d97a984e1a3e9b6651f85d5cd7827ddbb72c8b9 |
| SHA512 | d3bb14a362b18cff67c49681dbea8e4a277c0a143ea10a0e4431a3038e44c606eba674927c635369d1516c77a80a13038258ee7eff56ff68e77669b770d7b608 |
C:\Users\Admin\AppData\Local\Temp\owEq.exe
| MD5 | 83ceda5066dd1a989961b4756a90a9bd |
| SHA1 | 7606320f56107d157b585a7a171a9ea4cf2d39be |
| SHA256 | 7d5737b4d6c7502ce15028207a8d2658e578821cc7065fa99d50499181fcb820 |
| SHA512 | baaec16117aa46ba3d46bea1da7912936ecda4b9f9f8056e33d744d65449d7a061dbc48e6e63c727a959299dc64f8a73cd09cda8de582537b9b8c3cbc2ccaae7 |
C:\Users\Admin\AppData\Local\Temp\cMcI.exe
| MD5 | ab78674b41a450c711a49bf156f3db73 |
| SHA1 | c34c6361c48431879f97c51aa7d9569b60b8ad96 |
| SHA256 | f6253eaafc9a9752bebe4dd61985a6e4ccca6494d09234d737e0eb02555a0346 |
| SHA512 | c22ef4a437ab9b0a7d8b2ad5cf379e36553ac2d2724d0d6ed25bdd395ef9d661bae37353510a98615928ca5dfd2287c23b91b6b015d19e78a7b23a97b5e30802 |